Choosing a password
It should be fairly easy. Nothing on a list of compromised credentials. Nothing with more than two repeated characters, reasonably long (at least nine characters) but permitted to be very long (255 chars?), read XKCD, some guidance on memorable passwords, stop trying to insist that people use "special" characters and random passwords because they only way they can use those is to write them down. SpandauGold45 is a perfectly good, strong password but many sites won't accept it the same sites will accept 12345! because their rules state that a special character makes a strong password.
And, possibly, supply a password generator that applies these rules and suggests a password to the user. Render the password into a bitmap and present that to them, rather than the text.
Biting the hand that feeds IT
