No offense Jeff, but you are behind the times. You should do some research on the state of the art in password cracking. Password = "correct horse battery staple". Cracked. Password = "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess". Cracked. Any sentence written in this Discourse discussion used for a password. Cracked.
See, some time ago, password crackers started polling all books in existence and many websites and forums for phrases including combinations of nonsensical words. Using a long password but one made of words will no longer protect you.
What is really needed is a second factor and/or a separate authentication store (such as your email provider, Google, etc.). Two-factor is why we can have four digit pins with Debit cards and still be relatively safe. If you add a second factor, the problems of password complexity go away. Delegate authentication to another provider (email, Google etc.), and again, (your) password complexity requirements go away.
As does often happen in software development, the best solution is to not build something new and instead rethink the problem.