Your rules for an online password are too tedious and not always accepted when followed to the letter. This results in multiple frustrated attempts to get it to work. This security effort is harder than most online bank accounts! If you insist on the tight rules, make them more clear. For example, ONLY one number, ONLY one Capital letter, etc. And for heaven's sake make your program accept the input that matches the rules you lay down.
Second beef: why the constant prompts to reset a VERY strong password? Your rules don't play well with password managers such as LastPass, causing frequent customer frustration.