I have been yelling about this for years. If you go to a website and they tell you outright that your password must be 12 characters, it must have two capital letters, it must have two numbers, and it must have a special character, and then they show you a list of special characters to use, are they insane?
Do they think that hackers would not read their guidelines?
Ok, says the hacker, I need 12 characters, two capital, two numbers, and one of these other characters. Ok, got it. Thanks Mr. web admin for telling me what I need to do so I don't have to waste my time on passwords that will never work.
On the other hand, if your password was 'Aaa', no one would ever guess that.
Any website that gives the hackers a tutorial on what the outline of their passwords looks like is just asking for trouble. Not only is it annoying as hell, it is the opposite of making passwords more secure.