There really are only two dials you can turn to increase the security of a password, and that's length of the character set (the characters that the user can use in their password) and length of the password itself.

People should be using a password manager, then they can set that to 100/200 characters. Even if all lower case, it will be unbreakable (assuming a modern/secure one way hashing algorithm, and the password manager is truly random.).

If they are not using a password manager and use something like `waterfall!X` (because you enforce a special character and capital letter) you haven't actually increased entropy by that much, compared to a longer password. Them making up a 100 character password will almost guarantee more entropy than a short password they make up like `waterfall!X`

Also, because it's the internet [1]:

1. https://xkcd.com/936/