On the other hand, if the company doesn't set any standards a hacker will probably get half of the passwords by the time he reaches 5 character length.

You really need to set a resonable mininum on these things. But at the same time you need to realize that everything you fix is another piece of information that a hacker might be able to use to narrow his search space.

If you don't require a mix of letters and numbers, most people won't and a smart hacker will push them to the bottom of his search routine. Odds are this will save the hacker more work then the reverse, where the hacker knows he can leave all pure character passwords off the list entirly.

Jay