What is a set of sensible requirements on passwords?

For example, Chase.com requires

• Must contain 7-32 characters
• Must include at least one number and one letter
• Cannot include special characters (&, %, *, etc.)

I am not sure if the length and the exclusion of "special characters" are common practice. For example, I remember seeing the length is required to be 8 or less, and no restriction of punctuations on other sites.

What is a generally common set of requirements on passwords? One of the purposes is to automatically generate passwords that's compatible with large number of web sites.

What is a generally common set of requirements on passwords?

The requirements on passwords tries to ensure that it cannot be guessed.

According to: http://technet.microsoft.com/en-us/library/cc756109(WS.10).aspx

A weak password:

Is no password at all.

Contains your user name, real name, or company name.

Contains a complete dictionary word. For example, Password is a weak password.

A strong password:

Is at least seven characters long.

Does not contain your user name, real name, or company name.

Does not contain a complete dictionary word.

Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 ...) are not strong.

Contains characters from each of the following four groups: Uppercase letters, Lowercase letters, Numerals, Other symbols

Some websites donot require special characters while most of them require at least 8 characters in a password. Since most people have too many user accounts which makes it difficult to have a lot of good strong passwords.

In general i keep the first 8 characters of my password as letters+numerals, and special characters at the end. so that when i make a new account on a website that does not require special characters, i simply have to type the first 8 characters of my password. This saves me from guessing/generating strong passwords every now and then.