This is a pretty simple challenge. You have to find a password that meets the requirements below:

This challenge should be pretty self-explanatory. The only thing that may be worth noting are the last two requirements, which the following should be noted:

Some possible solutions include:

Submitting a valid password (and a non-empty username) will reveal the flag. Otherwise, the most “minor” invalid rule would be displayed to the user.