I found our support overhead from forgotten passwords went way down after we set the rules as:
1) Case Insensitive
2) No Numbers
3) Punctuation Ignored
Is this a dagger I see before me?
All the user needs to remember is the Shakespeare connection. The extra length compensates for the loss of complexity vs. a standard 8 char password with enforced l33+ speak. Most "weak password" checks I encounter will bounce "password" but allow "Password1". Pointless.
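The three rules above, applied as a normalization step before hashing, as an added example that is not part of the original comment. The function names, the PBKDF2 work factor, and the collapsing of whitespace runs are assumptions; the comment specifies only the three rules.

```python
import hashlib
import hmac
import math
import os
import unicodedata

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def normalize(passphrase: str) -> str:
    """Canonical form under the three rules; raises ValueError on digits."""
    text = unicodedata.normalize("NFKC", passphrase).casefold()  # rule 1
    if any(ch.isdigit() for ch in text):  # rule 2
        raise ValueError("passphrase must not contain numbers")
    kept = "".join(ch for ch in text if ch.isalpha() or ch.isspace())  # rule 3
    return " ".join(kept.split())  # assumption: whitespace runs collapse


def enroll(passphrase: str) -> tuple[bytes, bytes]:
    """Return (salt, key) for storage; only the canonical form is hashed."""
    salt = os.urandom(16)
    canonical = normalize(passphrase).encode()
    return salt, hashlib.pbkdf2_hmac("sha256", canonical, salt, PBKDF2_ROUNDS)


def verify(attempt: str, salt: bytes, key: bytes) -> bool:
    """Normalize the attempt the same way, then compare in constant time."""
    try:
        canonical = normalize(attempt).encode()
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", canonical, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)


def brute_force_bits(length: int, alphabet: int) -> float:
    """log2 of the character-level search space (an upper bound on guessing
    cost, not an entropy estimate for a human-chosen phrase)."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    salt, key = enroll("Is this a dagger I see before me?")
    print(verify("is this a dagger, i see before me!", salt, key))
    canonical = normalize("Is this a dagger I see before me?")
    print(len(canonical), round(brute_force_bits(len(canonical), 27), 1))
    print(round(brute_force_bits(8, 95), 1))  # 8 printable-ASCII characters
```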