Why do password strength requirements exist?

Posted by Bozho on Programmers
Published on 2012-06-25T10:54:17Z

Password strength is now everything, and they force you to come up with passwords with digits, special characters, upper-case letters and whatnot. Apart from being a usability nightmare (even I as a developer hate it when a website requires a complex password), what are the actual benefits of having strong passwords (for website authentication)? Here are the prerequisites of a system that handles authentication properly:

  • store passwords using bcrypt (or at least use salt+hash) - hard-to-impossible to find the original password when an attacker gets the database
  • lock subsequent password attempts with a growing cooldown - no brute-force via the site
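The two prerequisites above, worked through as an added example that is not part of the original post: per-user salted hashing for storage and a per-account lockout whose cooldown doubles with each consecutive failure. Since bcrypt is not in the Python standard library, PBKDF2-HMAC-SHA256 stands in for the poster's "salt+hash"; the `Authenticator` class, its `clock` parameter and the `"ok"`/`"denied"`/`"locked"` verdicts are assumptions made for the example.

```python
import hashlib, hmac, os, time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Added example, not from the post: salted hashing plus a growing per-account
# cooldown. bcrypt is not in the standard library, so PBKDF2-HMAC-SHA256 stands
# in for the poster's "salt+hash"; use bcrypt or argon2 in a real deployment.
ITERATIONS = 200_000

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0

class Authenticator:
    """Each failed attempt locks the account for base * 2**(failures-1) seconds."""
    def __init__(self, clock: Callable[[], float] = time.time,
                 base: float = 1.0, max_cooldown: float = 3600.0):
        self.accounts: Dict[str, Account] = {}
        self.clock, self.base, self.max_cooldown = clock, base, max_cooldown

    def register(self, user: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[user] = Account(salt, digest)

    def login(self, user: str, password: str) -> str:
        acct, now = self.accounts.get(user), self.clock()
        if acct is None:
            return "denied"  # same verdict as a wrong password for a known user
        if now < acct.locked_until:
            return "locked"  # refused without running the hash; cooldown unchanged
        if verify_password(password, acct.salt, acct.digest):
            acct.failures, acct.locked_until = 0, 0.0
            return "ok"
        acct.failures += 1  # cooldown doubles with every consecutive failure
        acct.locked_until = now + min(self.base * 2 ** (acct.failures - 1), self.max_cooldown)
        return "denied"
```

With the growing cooldown in place, online guessing is throttled regardless of password complexity, which is the premise the question builds on.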

© Programmers or respective owner
