Ondřej Bárta
2 min read · May 11, 2018

By very well thought out I mean the rules that are obvious. For example, Google and other big companies use an 8-character minimum. That means an attacker could start with 8-character passwords if brute forcing. It makes his job more efficient. But it also means there are way, way more combinations that people will use. Also, there's a check where they specifically test for obvious passwords like “12345678” or “Password1”, as you mentioned above, etc. That's the correct way to do a password check. Work exactly as crackers would work. This type of check doesn't decrease security but increases it a lot.

Also, attackers will look for generic passwords first anyway. It doesn't matter if you optimize your password for brute force, because that is used only in cases where you already have access to the password database itself. And always as the last resort. If there's just a website with a password field, you won't ever use brute force.

The password you recommended might be longer, but it is less secure because it has a clear structure: a few words put together without spaces. A dictionary attack would crack this password in the blink of an eye. Creating a password is a very big issue that doesn't deserve being resolved in one sentence. It cannot be. You shouldn't advise people how to create a password like this.

As you can see, these checks don't have to be a pain and can still be secure. It won't be the most pleasurable experience for you if you have a really bad password, but it will be if you make sure your account is secure. Also, the context matters. There are apps where security is critical. Other apps where it's not.
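A password check of the kind the comment describes (a minimum length, a blocklist of obvious passwords, and a flag for dictionary words run together), as an added Python example that is not part of the original post; the blocklist and dictionary here are small constructed stand-ins for the large leaked-password and word lists a real deployment would load.

```python
"""Password acceptance check that works the way a cracker would:
enforce a minimum length, reject passwords a cracker tries first,
and flag passwords that are just dictionary words run together."""
import re

MIN_LENGTH = 8

# Constructed blocklist for the example; a real deployment would load a
# large list of leaked/common passwords instead. Compared case-insensitively.
COMMON_PASSWORDS = {"12345678", "password1", "qwerty123", "letmein1", "iloveyou"}

# Constructed mini-dictionary; a real check would use a full word list.
DICTIONARY = {"correct", "horse", "battery", "staple", "password",
              "admin", "welcome", "summer", "dragon", "monkey"}


def is_dictionary_words(password: str) -> bool:
    """True if the letters of the password (lowercased, digits and symbols
    stripped, so 'Summer2018' becomes 'summer') split entirely into
    dictionary words, e.g. 'correcthorsebatterystaple'."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    if not letters:
        return False
    n = len(letters)
    # reachable[i] is True when letters[:i] can be covered by dictionary words
    reachable = [False] * (n + 1)
    reachable[0] = True
    for end in range(1, n + 1):
        for start in range(end):
            if reachable[start] and letters[start:end] in DICTIONARY:
                reachable[end] = True
                break
    return reachable[n]


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    elif is_dictionary_words(password):
        problems.append("dictionary words run together")
    return problems


if __name__ == "__main__":
    for candidate in ["12345678", "Password1", "correcthorsebatterystaple",
                      "Summer2018", "Tr0ub4dor&3"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```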
