The recipe for a good password is not an easy one. It needs to be at the same time easy for the user to remember and hard for the computer to guess. Unfortunately past (and too often current) password-complexity rules have done exactly the opposite.
First rule of passwords: Length
Complex strings with special characters do not create memory associations to concrete words, items or memories, which makes them really hard to remember. Humans can remember short random strings, but as soon as the string length increases it becomes much harder. Length, on the other hand, is what multiplies the number of guesses an attacker has to make, so the goal is a password that is long without being random gibberish.
Second rule of passwords: Entropy
Entropy tells us how many different passwords could exist under a given policy. It is usually expressed in bits, ie. the binary logarithm of the number of possibilities, so every extra bit doubles the number of guesses an attacker needs. For a password of length L whose characters are chosen uniformly at random from an alphabet of N possible characters, the exact formula is log2(N^L) = L · log2(N).
If your password requirement is one digit and one digit only, your password could be anything from 0 to 9: ten possibilities, ie. log2(10^1) = 3.3219 bits. Storing ten values needs four bits (0000 to 1001), but the entropy is still only 3.32 bits, because only 10 of the 16 four-bit patterns can ever occur.
If your password requirement is exactly eight alphanumeric characters, then the entropy is the binary logarithm of the number of possible characters (26 lowercase, 26 uppercase and 10 digits) raised to the power of the length (8), ie. log2((26 + 26 + 10)^8) = 8 · log2(62) ≈ 48 bits. Note that this figure assumes every character was picked uniformly at random; a human-chosen "Passw0rd!" uses the same alphabet but is one of the first guesses any cracking wordlist makes.
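The calculation above, as an added example in Python (not part of the original article): it computes the entropy of the one-digit and eight-character examples from the formula L · log2(N), estimates the alphabet an attacker would assume from the character classes present in a password, converts bits into an expected brute-force time for an assumed guess rate, and generalizes the same formula to passphrases built from a word list, where the "alphabet" is the list and the "length" is the word count. The character-class sizes and the 7776-word Diceware-style list size are the assumptions it is built on.

```python
import math
import secrets
import string

# Character classes an attacker would enumerate. The sizes are an assumption of
# this example; a real cracker may use a larger or smaller symbol set.
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret of `length` symbols chosen uniformly at
    random from `alphabet_size` symbols: log2(N ** L) == L * log2(N)."""
    if alphabet_size < 1 or length < 0:
        raise ValueError("alphabet_size must be >= 1 and length >= 0")
    return length * math.log2(alphabet_size)


def alphabet_size_for(password: str) -> int:
    """Size of the combined character classes that cover `password`.

    This is the search space an attacker must assume for a uniformly random
    password using these classes. It says nothing about whether the password
    actually was random: "Passw0rd" scores 62 here and still falls instantly."""
    size = 0
    for chars in CHARACTER_CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    if size == 0:
        raise ValueError("password contains no recognised character class")
    return size


def password_entropy(password: str) -> float:
    """Upper bound on the entropy of `password`, assuming it was random."""
    return entropy_bits(alphabet_size_for(password), len(password))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average brute-force time: on average half the keyspace is searched."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def random_password(length: int,
                    alphabet: str = string.ascii_letters + string.digits) -> str:
    """Password drawn uniformly with the CSPRNG, so entropy_bits() applies."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(wordlist, count: int, separator: str = " ") -> str:
    """`count` words chosen uniformly from `wordlist`; entropy is
    count * log2(len(wordlist)), regardless of how long the words are."""
    return separator.join(secrets.choice(wordlist) for _ in range(count))


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    rate = 1e10   # assumed offline guess rate (guesses/second) against a fast hash
    print(f"one digit            : {entropy_bits(10, 1):6.2f} bits")
    print(f"8 alphanumeric chars : {entropy_bits(62, 8):6.2f} bits, "
          f"~{expected_crack_seconds(entropy_bits(62, 8), rate):.0f} s at {rate:.0e}/s")
    # 7776 is the size of a Diceware-style list; four random words from it.
    bits = entropy_bits(7776, 4)
    print(f"4 words from 7776    : {bits:6.2f} bits, "
          f"~{expected_crack_seconds(bits, rate) / 86400:.0f} days at {rate:.0e}/s")
    print("sample password      :", random_password(12))
    tiny_list = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot"]
    print("sample passphrase    :", random_passphrase(tiny_list, 4, "-"),
          f"({entropy_bits(len(tiny_list), 4):.2f} bits, list is far too small)")
```

The 8-character alphanumeric example comes out at about 48 bits, which at 10^10 guesses per second is a matter of hours; four words from a 7776-word list give about 52 bits, roughly 16 times more work, while being considerably easier to remember.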
Third rule of passwords: It’s easy to remember
Human brains are exceptionally bad at remembering random characters or strings. The brain’s memory works by creating links to the things you need to remember. If you need to remember something that has nothing to link it against, it becomes much harder to remember. By choosing common words as a password (your brain has already created links for those words), the password is much easier to remember. The catch is that the words have to be chosen at random, for example from a word list, rather than picked by the user: a favourite quote or a phrase that makes sense is exactly what an attacker’s dictionary of common phrases already contains.