While I was trying to create a new website (the hobby kind of site, not the business kind), I encountered a problem: user login.

And yes, I'm a beginning coder. I need the five-year-old-level of this.

My friend saw me code the more typical "one-uppercase, one-lowercase, one number, and one special character" version with a minimum of 12 characters. That that's when he hit me with both the US National Institute for Science and Technology (NIST) guidelines guidelines (800-63b) and XKCD comic about Correct Horse Battery Staple.

But then someone else overheard, and sent me this rather awful slippery-slope straw-man article. And when I went to get the actual thinking behind each, I found there was more subjectivity than sound reasoning.

The debate quickly devolved into each side calling the other side names like "idiot" and "fascist", while neither side really made its case (other than taking lots of time to show me "what ifs" and engage in slippery-slope, strawman, red herring, and various other fallacious arguments).

So, what's the actual logic behind the answers? Can you please explain to me the actual thinking as if I'm five years old?