MS SQL Password Complexity guidlines
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:
The password does not contain the account name of the user.
The password is at least eight characters long.
The password contains characters from three of the following four categories:
Latin uppercase letters (A through Z)
Latin lowercase letters (a through z)
Base 10 digits (0 through 9)
Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).