For one of the clients I do work for, here are their provisions and guidelines for passwords:

Password criteria.
- 6-8 letters, mix of alpha and numeric
- first position of password must be an alpha
- first three characters cannot be reused
- cannot be repeated until the 5th subsequent change
- passwords must be kept for a minimum of 4 days
- passwords cannot contain
- User's login ID
- User's first or last name or initials
- characters cannot appear 3 times in a password
- last 4 of user's social security number
- birthdate or year
- cannot include names or abbreviations of seasons, holidays, months, or numbers spelled out
- no blank spaces
- no company-specific common words
- easily guessed words
- adjacent keystrokes for characters or numbers (meaning you can't use qwerty or 1234)
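A sketch of how the rules above that depend only on the candidate password and the user's own attributes could be checked, as an added example that is not part of the original post or the client's system. The history, minimum-age and word-list rules are left out; the function names, the US QWERTY layout, the run length of 4 and the case-insensitive repeat count are assumptions.

```python
# Keyboard rows for the adjacent-keystroke rule (assumption: US QWERTY layout).
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
RUN = 4  # assumption: shortest run rejected; the policy only cites qwerty and 1234


def has_adjacent_run(pw):
    """True if pw contains RUN neighbouring keys from one row, forward or reversed."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + RUN] in low for i in range(len(seq) - RUN + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of violated rules; an empty list means pw passes.

    personal: strings the policy bans as substrings (login ID, names,
    initials, last 4 of SSN, birth year), supplied by the caller.
    """
    low = pw.lower()
    errs = []
    if not 6 <= len(pw) <= 8:
        errs.append("length must be 6-8")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        errs.append("must mix letters and digits")
    if not pw[:1].isalpha():
        errs.append("first character must be a letter")
    if " " in pw:
        errs.append("no blank spaces")
    # Assumption: repeats are counted case-insensitively.
    if any(low.count(c) >= 3 for c in set(low)):
        errs.append("character appears 3 times")
    if any(p and p.lower() in low for p in personal):
        errs.append("contains user-specific value")
    if has_adjacent_run(pw):
        errs.append("adjacent keystrokes")
    return errs


if __name__ == "__main__":
    # Constructed sample user and candidates, for illustration only.
    user = ["jsmith", "John", "Smith", "js", "1984"]
    for cand in ["k7mpx2wd", "qwerty12", "1abcdef", "smith123", "aa1a2b"]:
        print(cand, check_password(cand, user))
```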