Another thing, continuing a little bit from this topic: It has always irked me (not in Discourse, but elsewhere) when I forget my password, but I’m also unaware what the original password requirements were, so I don’t know what I would have chosen as my password. I then do a password reset, am reminded of the requirements, and end up choosing the same password I had originally.
Displaying the password requirements after the second or third failure would be a nice feature. It doesn’t detract from security, because password requirements are not fundamentally sensitive (i.e. they are displayed to all new registrants).