> The "character class" requirement really doesn't add much security.
If you're generating your passwords randomly (using a password manager) it actually reduces security because it reduces the set of acceptable passwords.
Requiring special characters also reduces the set of allowable passwords by eliminating all passwords that don’t contain at least one special character. The best practice for maximizing the set of acceptable passwords would be to allow, but not require, special characters (and to allow as many of them as possible, not the narrow subset of special characters applications often allow).
That might be the only way to guarantee secure passwords across a platform/company. Of course, then you have to make sure people don't write it on sticky-notes under their desks...
Like how the Nazis thought they were so clever for preventing the enigma machine from repeating letters in the output. You’ve just reduced your entropy, sucka !
