I hate it when my low-security password is rejected by some ego-driven web site that thinks I should memorize a special password just for them.
I also hate it when a web site locks you out completely, requiring you to contact someone to do a manual reset, for failing your password three times. At work, the "enter my goals for this year for the stupid review" site is like this. It's not like this is something that lets people steal money from me, sheesh! Sure, if it was an online banking, etc. password, but most of the sites that do this don't have any information worth a lock-out with a manual admin reset.
The whole point of lock-outs was to prevent someone from trying hundreds of different passwords with a program, not "I forgot which password I have to use this month, and I fumble-fingered one of my three tries". Even a five minute automatic reset should be more than enough to prevent random automated guessing.
Even worse, do they even do a proper check that it's really you when they do the reset, especially if they have to give you a NEW password to do a reset, because their security policy is even more out of proportion with the kind of data they have?