Even some of the best web services fail with the last mile. It took minutes for me to fulfill all the password requirements for this web service:
The whole process with the passwords is unsatisfying at best and downright painful at worst (like in the example stated below). The passwords in general are not safe and the whole idea of doing a random list of characters, numbers mixed with upper and lower case is quite outdated. It is more annoyance than something that truly improves your security.
If even Edward Snowden is advocating passphrases, I would recommend majority of web services to change their password policies to favor passphrases (e.g. icanuse4wordsbaby instead of tRes4$Ce). It would improve both security and user experience. And as a user you would also remember your passwords better.
Stand-Up Strategy 