by ents 3714 days ago
"Confirm Password must contain an uppercase and a lowercase letter, a number, and must be at least 8 characters long"

C'mon.

3 comments

Upper, lower, number, 8+ characters is actually a pretty loose requirement.

My standard spiel when I'm telling people the password requirements after giving them their temporary passwords is "You're going to have to change your password when you first log in. There are 4 types of characters: Upper, Lower, Digits and Punctuation; you're going to have to have at least 3 of those 4, it doesn't like your first name, it doesn't like your last name and your password must be longer than 8 characters. I recommend selecting 2 unrelated words that you can remember, changing at least one letter in each to uppercase, throwing a digit in before, after or between them and adding punctuation somewhere else."

Strict password requirements are usually a requirement for regulated businesses (such as those creating bank accounts). Having a secure password for an account that manages your money is a good thing!
But it rejects some of the best password practice, Diceware: http://world.std.com/~reinhold/diceware.html
+1 =)
The real problem is banking sites that say, "Your password must be less than 12 characters and must not include symbols."
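
The two rules discussed in this thread, applied to a Diceware-style passphrase, as an added example that is not code from any commenter or from the site in question. The sample passwords and the names "Alex" and "Smith" are constructed for illustration, and the entropy figure assumes words drawn uniformly at random from the 7776-word Diceware list.

```python
import math
import string

DICEWARE_WORDS = 6 ** 5  # 7776-word list: five dice rolls select one word

def char_classes(pw):
    """Return which of the four character classes appear in pw."""
    tests = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
             "digit": string.digits, "punct": string.punctuation}
    return {name for name, chars in tests.items() if any(c in chars for c in pw)}

def site_rule(pw):
    """Rule quoted in the post: uppercase, lowercase, number, 8+ characters."""
    return len(pw) >= 8 and {"upper", "lower", "digit"} <= char_classes(pw)

def three_of_four_rule(pw, first_name, last_name):
    """Rule from the first comment: 3 of 4 classes, no names, longer than 8."""
    lowered = pw.lower()
    if any(n and n.lower() in lowered for n in (first_name, last_name)):
        return False
    return len(pw) > 8 and len(char_classes(pw)) >= 3

def diceware_bits(words):
    """Entropy in bits of `words` independently, uniformly chosen list words."""
    return words * math.log2(DICEWARE_WORDS)

# Constructed sample passwords (illustrative only)
SAMPLES = {
    "diceware_style": "anvil cloud ferry mango plaza tulip",
    "minimal_compliant": "Password1",
    "two_word_recipe": "purple7Monkey!",
}

def evaluate(first_name="Alex", last_name="Smith"):
    """Map each sample to (passes site_rule, passes three_of_four_rule)."""
    return {label: (site_rule(pw), three_of_four_rule(pw, first_name, last_name))
            for label, pw in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{label:18} site={verdict[0]} three_of_four={verdict[1]}")
    print(f"6 Diceware words = {diceware_bits(6):.1f} bits")
```

The six-word lowercase passphrase fails both rules because it contains a single character class, while "Password1" satisfies both.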