If there are no rules on what is in a password many people may set their password to “password”. Now other than that being stupid, if I know there are no rules to make them use numbers, uppercase and special characters, the number of possibilities is much smaller. So in this scenario, the biggest possible combinations for an 8 character password is 26^8. If you throw in upper case, it becomes 52^8. Numbers take it to 62^8 and lets say 8 special characters makes it 70^8. At 26^8 passwords to try, that is about 206 billion combinations. For 70^8 that goes to 576 trillion passwords that you’d have to try.

The important part is having strong rules in place that at least allow for all characters and to treat them as the upper / lowercase that they are. Don’t automatically convert the password to uppercase and use that because you just ruined the requirement for mixed case.