The problem isn't password rules. The problem is the idea of security levels.
For a site like /. or soylentnews.org, just about any password should be allowable. This is a password you will likely use on lots of different sites. Also, the password should never expire. Account should be locked if a thousand bad passwords in a row are tried. The password reset should go to your email, and you should not have the ability to change your email address (but you can add a secondary email address) for a month after a password change. That way if someone breaks into your account you can get back in afterwards.
For your home computer, it should also allow any password. Passwords should never expire. The account should never be locked but you have the option of added security (ie: encrypted home directory).
For work, a more complex password that changes every six months to a year.
For your banking, a complex password that changes every year or two. Account lockout if 10 tries in a row fail.
For your email account, two factor authentication all the time and a password that needs to be changed every 3-6 months (since your email is used as a lockout to all the other possible accounts).