Invalid character: A password should only contains vowels, odd numbers, and be at least 17 characters long.
I’m tired to see systems where I can’t enter the password “I love chocolate”, because spaces are not allowed. I am tired of systems which require me to use at least 1 uppercase letter, 1 lowercase letter, and 1 number but let you enter a 3 characters password. “my fancy password is very secret” is much more resistant to brute force attacks than “aA1”.
Instead of coming up with stupid rules that don’t really protect anything, use a password strength meter and let the user enters what the hell he wants! People are not stupid, they know that their bank password is more important than their Reddit’s password. If I want to have “123” as a password, that’s my reponsability.