The weak link is people’s predictable nature in picking passwords. Even long, complex ones. Researchers have apparently proven this to be the case. They even won first place in a major security conference. What it means is the more complex things are, the more likely people are to take shortcuts. A natural instinct is to streamline things. It seems that undermines security efforts in choosing a password.
Web sites with sign-up and password change forms are actually increasing the odds of a security breach based on the findings in the article. On the other hand, you might slow membership growth if getting into a website proved too onerous. What a website advises as the minimum standard for a password should be taken as a suggestion.
The real advice in creating a password is to be as random as possible. A long or short password matters less than the uniqueness of that password. The choice is yours. When it is possible to do so, go beyond the standard to improve the strength of your password.