when requiring these special characters and complex passwords, sites reveal how I'd go about building a smarter algorithm to crack these passwords. when listing the requirements like the cisco site does ( 1 uppercase, 1 lowercase, 1 number, 8 to 60 characters, english characters: A-z, 0-9, @, -, _, or ., cannot match your email address or User ID) I now can limit the scope of my brute force attack massively reducing the time it takes to go through the initial list of all possible combinations.
having a unique email/username to every site absolutely adds to the security. if I had my email and password stolen from a site not using modern password system, and let's be honest, not many do, having a unique email/username on every other site means I can't take those known credentials I now know and now use them on another site.