So here's the issue. Of course, PayPal is trying - rather desperately - to account for people's general idiocy and inability to protect themselves online. You can't have "password" as your password, and that's fair. But the rules are getting ridiculous. 8 to 12 characters long, lowercase and uppercase letters, numbers, symbols, no words from the dictionary. But telling people how to choose passwords will do little to make them safer.
Case in point: those family stickers people put on their cars. I passed a van on the way home this afternoon that was particularly bad. There were five family members: mother, father, eldest son, younger daughter, infant daughter. Their first names were listed underneath the images. Add to this the license plate, which usually indicates more than just state of residence - many states list the county, and if they don't, certain letter and number combinations give this information away. Specialty plates are even worse (now, not only do I know your names, your family's relative ages, and that you're from Pike County, Kentucky, but I also know you're a graduate of Auburn or a disabled veteran). Icing on the cake would be the sports stickers - they tell you the child's name, the sport they play and often what jersey number they wear at what school. And all this information is broadcast freely from the back of your car as you drive down the street.
So I implore the world... think! It's not about following specific rules in specific instances. It's about common sense. If you remember what that is.