Dear owner-of-a-random-web-startup,

Thank you for starting your brand new, awesome web service. But, please don’t expect me to use it, if you ask me to have a password with atleast one upper-case letter, one numeral, one symbol and one unicode hindi character and 20 hebrew characters. Is it really so essential to enforce such complicated rules on my passwords, making it difficult for me to remember what password I used? Isn’t OAuth and OpenID so much easier to use? If you really want to enforce such complex rules on my password, at least show the arbitrary rules you enforce on me, at the login prompt too!

Sincerely, A frustrated-web-monkey