Change Password screen should offer clarity of minimum requirements and illegal characters

We resell access to ConnectWise Control Access to some of our customers. When we setup accounts we force the user to change their password on first login. Many times we have received questions or experienced some frustration over the process of changing password for the following reasons:

• Lack of clarity of minimum password requirements, not identified or written anywhere (or at least not obviously and clearly)
  
• Even with the rule of "minimum 8 characters, 1 upper, 1 lower, 1 number, 1 symbol" it is possible to get an error message stating 'invalid password'. Sometimes the password does not change, and sometimes despite the error message the password changes (but only find out after we log out and log back in). This is extremely confusing for both our client users and our NOC technicians. I have personally experienced both scenarios where a complex password I try (a) does not take effect + I receive an error message stating 'invalid password' (which password is invalid? the old password or the new one?) and (b) I receive the error message stating 'invalid password' + my account password changed to the 'invalid password' password (the new one) and the only way to test this is to log out and log back in trying the new password for which I received an error message

Additionally, we have had users encounter 'invalid password' with 2FA setup. They enter their credentials and hit login, then enter their Google Authenticator code and hit submit only to receive an 'invalid password' error.

I apologize in advance as some of what I write and present here is lacking in concrete reproducible steps.