Background: See Slack discussion from 19-Feb in #help.
Current password requirements appear to be:
size must be between 8 and 16
must contain at least 1 number
must not contain spaces
The recommendation would be to adhere to the latest NIST guidelines from Special Publication 800-63.
Additional advice can be found from respected security experts/developers such as Troy Hunt and Jeff Atwood. A summary conclusion is that, given current attack vectors for determining passwords, length is the most important deterrent, and dropping special character requirements increases the probability of a user being able to memorize a password (and thus not write it down on a physical medium).