Bad Password Rules can impact the User Experience

The company ADP.ca offers payroll services to enterprises.  They provide their clients' employees a portal where they can see and download their pay statements in PDF.

So far, this is great.  What is not great is that the first time employees access the site, they have to choose a password.  Look at the rules they have for choosing a password : 

There are way too many rules.  In fact, there are so many rules that they cannot even keep track of all of them themselves.  In the above picture we see that the password must contain at least 1 special character but when you try to enter a password with more than one special character, it gives you an error message, similar to the text above, saying that there must be only 1 special character!!!

By focusing on security above all else, they have stricter password rules than my own bank, they have sacrificed the experience of their clients' employees.