Password Restrictions vs No Restrictions
When a user is presented with a password creation form of any kind, is it necessary to add parameters to their password so it meets certain security requirements (complexity etc)? These parameters must be displayed to the user so they know when their password is valid but... this also means anyone that's trying to guess someone elses password now has a template to go off.
For example, "you must have at least 1 upper and lower case character as well as a number and symbol."
Does restricting the free choice of a password in a form cause a poor user experience by forcing validation when it may actually have a negative effect?