Why are you forcing me to a certain pw format?

Asked by Richard Robertson

I don't care for mixed case passwords EVER. To demand this of your users is arrogant and asinine. There are other methods that produce strong passwords that DON'T require a difficult and awkward keystroke combination.

Question information

Language: English
Status: Answered
For: Canonical SSO provider
Assignee: No assignee
#1 Selene ToyKeeper (toykeeper) said:

I feel your pain. I usually prefer to use a long lower-case string instead of a short mixed-case string with numbers or punctuation. A large number of users pick incredibly insecure passwords though, so it's necessary to enforce some type of minimum password strength limits.

The current password checker enforces a minimum length and minimum character type variety, but it should in theory be just as good to go with a more complex system which computes the effective number of bits of information and limits based on number of bits instead. This would allow any password style, so long as it's sufficiently random.

To get this changed, the most direct approach would be to file a bug against SSO requesting an enhancement to the password restrictions. It probably won't be a high-priority task, but that doesn't mean it won't happen. If you file a bug, please link this question to it for reference.

#2 Selene ToyKeeper (toykeeper) said:

Relevant!
http://xkcd.com/936/

Just an update... We've got someone working on algorithms to calculate password entropy and policies for enforcing a minimum level of security. Nothing is officially decided yet, but I'd be surprised if we don't have a significant password-strength improvement rolled out in the near future.

#3 Selene ToyKeeper (toykeeper) said:

Okay, the plan for the short term is to lift the requirement for 3 different types of characters, to add some real-time feedback on password strength, and to add some documentation explaining why users should use strong passwords.
