According to Baymard’s large scale checkout usability, “strict password rules can cause an 18.75% checkout abandonment rate among existing account users as they try to sign in.”
The real problem arises when trying to sign in. If they got forced to create a more complex password and could not use their standard one they generally use, they’re having difficulty remembering it. And this leads to abandonment, especially if they need to reset their password via email.
A low password requirement could for example be to set it to having a minimum of five or six lowercase characters. But encourage them to use a more secure password.
If you lower the requirements, you should compensate for the lower security by implementing:
- login attempt limitations
- forcing the user to re-enter their credit card information if the address is new or edited
I also recommend you clearly mention the password requirements next to or below the password field.