Very user-friendly, but not exactly secure. Each bit of information you volunteer to an unauthorized user reduces the work the attacker has to do to gain access.
As for "how many expected" - limiting the password length is not exactly a good idea in any case.
I just mean if you do limit the password length or character type, please remind me at the login screen, because there's no way I will remember across sites who wanted 6-8 characters from [aA9$_!#] and who wanted 12-16 from [a9-].
I'd rather just use a password manager. A site saying "I have passwords of up to 8 chars" just makes me feel uneasy. It also creates a bigger barrier for fixing it to do the thing right.