Login passwords currerntly enforce unnecessary format restrictions that are hindering the use of password generators. Characters < > cannot be used, and there also is a requiement to include at least two digits. Most hashing password generators use all printable characters (as they should), and ensure only the occurrence, but not the quantity, of character classes, i.e. 1 of each printable chartacter classes (uppercase, lowercase, numeric, special).
Suggestion: allowing all printable characters and only requiring a minimum of 1 character from each intended class (occirrence only) would make Box login passwords compliant with the vast majority of hashing password generators and thus massively improve login security. There also is a cryptographic advantage to not necessarily requiring, but allowing all classes. At the same time, requiring a minimum password length of only 8 as per current implementation is grossly insufficient (we love Box, but it's not the 1990s anymore).