It's so annoying to have to discover the rules one rejected attempt at a time. Worse yet: sometimes you just get vague feedback a la "password contains illegal characters". I usually let KeePassXC generate a safe password for me but in that case I then have to manually permutate the different character classes (numbers, letters, spaces, punctuation, etc) until I find the offender. No good.
Password must contain an uppercase letter.
Password must contain a special character.
Not that one.
Not that one either.
Nearly had it there! Too bad you only get 5 attempts. Account locked.