Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".
P@ssword1
For further detail and motivation, please refer to the USENIX Security '16 paper and presentation.
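The contrast between the quoted composition rule and a minimum-score policy, as an added example that is not zxcvbn's own code. `estimateGuesses()` is a deliberately simplified stand-in for the real estimator, and the word list and the second sample password are constructed; on a real site the score would come from `zxcvbn(password).score`.

```javascript
// Added example, not zxcvbn's code: estimateGuesses() is a simplified stand-in.
const COMMON = ['password', 'qwerty', 'letmein', 'dragon', 'monkey']; // constructed list, by rank
const LEET = { '@': 'a', '4': 'a', '0': 'o', '$': 's', '3': 'e', '1': 'i', '!': 'i' };
const CLASSES = [[/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^a-zA-Z0-9]/, 33]];

// The composition rule quoted above: three of {lower, upper, numbers, symbols}.
function passesCompositionRule(pw) {
  return CLASSES.filter(([re]) => re.test(pw)).length >= 3;
}

// Rough guess count. A common word plus capitalisation, leet substitutions and
// a digit suffix is cheap to guess; anything else is costed as brute force.
function estimateGuesses(pw) {
  const [, base, digits] = /^([\s\S]*?)(\d*)$/.exec(pw);
  const lower = base.toLowerCase();
  const deleet = lower.replace(/[@40$31!]/g, (c) => LEET[c]);
  const rank = COMMON.indexOf(deleet) + 1;
  if (rank > 0) {
    const variants = (base !== lower ? 2 : 1) * (lower !== deleet ? 2 : 1);
    return rank * variants * Math.pow(10, digits.length);
  }
  const space = CLASSES.reduce((n, [re, size]) => n + (re.test(pw) ? size : 0), 0);
  return Math.pow(space, pw.length);
}

// zxcvbn's documented score bands: 0 below 10^3 guesses, then 10^6, 10^8, 10^10.
function scoreFromGuesses(guesses) {
  return [1e3, 1e6, 1e8, 1e10].filter((t) => guesses >= t).length;
}

// Evaluate one password under both policies.
function compare(pw, minScore = 3) {
  const score = scoreFromGuesses(estimateGuesses(pw));
  return { rule: passesCompositionRule(pw), score, scoreOk: score >= minScore };
}

// Constructed samples: the weak password from the page and a random lowercase string.
for (const pw of ['P@ssword1', 'qzvhtplwkxrnbdyf']) {
  console.log(pw, compare(pw));
}
```

The rule accepts `P@ssword1` and rejects the 16-letter random string, while the score threshold does the opposite.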