Let's play a game.
Theme: Security awareness - grey-hat style.

How to play:
Post the name of the site followed by actual bad-password restrictions of well-known companies in the comments.

If no-one beats me to it, I plan to share some of the more alarming ones(or all) on a twitter and tag the relative companies as well as various security enthusiasts.

Verizon:

Good:
* Case Sensitive
* Upper and Lower Case Allowed (not required)
* Special Characters Allowed

Bad:
* 8-20 characters
* At least 1 Letter and 1 Number Required
* No Spaces Allowed
* Cannot be an Easily Guessed Password

Three Austria Customer Zone (3Kundenzone, password reset page located at: https://drei.at/selfcare/...)

Ist zwischen 6 und 20 Zeichen lang
Enthält mindestens einen Kleinbuchstaben
Enthält mindestens einen Großbuchstaben
Enthält mindestens eine Zahl
Darf keine Sonderzeichen enthalten.

Bad:
- Must contain at least one lowercase letter, one uppercase letter, a number
- 6 to 20 symbols
- No special characters

No, seriously. Fuck this provider.

EasyBus:
- No uppercase
- No spaces
- Between 8 and 16 characters

And to top it off, 'forgot password' emails you your username and password in plaintext!

I just noticed that my comment above still contains the requirements in German lmao