With all these restrictions, I wonder how far they are reducing the possible key space? Some of these suggestions actually remove a number of permutations - like for instance you can't put in two digit years - this must remove a HUGE number of combinations!
Then you remove ALL the dictionary words, all proper names, all the TSAs serial numbers, all reversed words - well, that's gotta make cracking an 8 letter password easier :-)
I actually did an analysis of that once but I can't seem to find it now. There actually is a pretty big reduction of keyspace (in the billions) but most of it is keyspace you don't want anyway. That is actually why the best policy is to have minimum length requirement of 12-14 characters and nothing else.
Not quote my point. What I'm saying is that you make an assumption that 8 letters are used due to the ridiculous complexity requirements. Then you get all the possible combinations of letters and numbers for 8 character passwords. Then you remove all dictionary words and reversed words, all dictionary words (and reversed words) ending with a year, all combinations with repeats, all serial numbers and known patterns (like ABC). Then you further remove from this list all the combinations that don't have mixed case, a number and a special character.
I'm interested in knowing how many possible passwords are left?
Using 94 possible characters for an 8 character password means there are 6.09568939 × 10^15 possible passwords. Removing even 20million means you still have 6.09568937 × 10^15.
Then you remove ALL the dictionary words, all proper names, all the TSAs serial numbers, all reversed words - well, that's gotta make cracking an 8 letter password easier :-)