Which user password parameters would make a secure

Posted 2019-08-11 08:13

Question:

The question relates to the passwords users enter while creating an account, for example to register with some web page.

I have encountered websites that require users to input lower- and upper-case letters with numbers and special characters... some websites go to an extreme, requesting that users follow strict guidelines.

Is all of that really necessary?

What are some of the simplest and most minimal rules to follow when creating a safe user password? At which point does it become a placebo?

Answer 1:

Complex password rules will usually not lead to safer passwords. What is really important is:

  1. A minimum length. Even if you follow best practice for storing passwords, short passwords can be brute-forced too easily just by trying out every combination. At the moment this means that you should accept no fewer than 8 characters as an absolute minimum (the more the better).
  2. Another measure you can take is to maintain a list of the most common passwords and reject the most used passwords.

People cannot remember tons of strong passwords, and complex rules can interfere with good password schemes. If the good password is rejected by one of the rules, users often switch to a weaker password.

On the other hand, even strict password rules cannot prevent weak passwords. People can get very inventive to bypass such rules, e.g. by using weak passwords like Password-2015 (this is accepted by most rules). If a rule requires at least one numeric character, it will usually end up as the last character (password1), which does not really make brute-forcing any more difficult.

If you overdo it with complex rules, you often end up with weaker passwords instead of stronger ones. To improve the passwords you could encourage your users to invent a password phrase, maybe with an example like ILikeToSleepUntil8InTheEvening.


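The two rules from this answer (a minimum length and a blocklist of common passwords, with no composition rules) as an added example; this is illustration code, not code from the answer's author. The blocklist here is a constructed handful of entries for the demo; in practice you would load a published list. The normalisation step that strips trailing digits and punctuation is an added assumption, so that decorated variants such as Password-2015 or password1 still match the plain blocklist entry, which the answer above describes as the usual way people satisfy composition rules.

```python
import re

# Constructed sample of a "most common passwords" list. In production load a
# large published list (SecLists, for instance); these entries are for the demo.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "iloveyou",
    "admin", "monkey", "dragon", "football",
}

MIN_LENGTH = 8  # the absolute minimum recommended in the answer above

# Assumed normalisation: strip leading/trailing digits, punctuation and
# underscores so "Password-2015" and "password1" reduce to "password".
_TRAILING_JUNK = re.compile(r"[\W\d_]+$")
_LEADING_JUNK = re.compile(r"^[\W\d_]+")


def normalize(password: str) -> str:
    """Reduce a password to its lower-cased core word for blocklist matching."""
    core = password.lower()
    core = _TRAILING_JUNK.sub("", core)
    core = _LEADING_JUNK.sub("", core)
    return core


def check_password(password: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted.

    Deliberately no upper/lower/digit/special-character rules: only length
    and a blocklist check, as argued in the answer above.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("too common: on the blocklist (after stripping digits/punctuation)")
    return problems


if __name__ == "__main__":
    for candidate in ["ILikeToSleepUntil8InTheEvening", "Password-2015", "password1", "abc"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```

The blocklist comparison runs on both the raw lower-cased password and the normalised core, so a plain entry such as "password" also rejects the decorated variants without needing a rule for every decoration.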

Answer 2:

There is a large difference depending on what is being protected, that is what level of security is really needed. Evaluate your needs in $.

That said it is really hard to come up with rules to create passwords that fall far down the crack lists. If it is my information I want to be able to use anything including really stupid passwords if I don't need the security. Coming up with and remembering good/hard passwords is not easy. Make it really hard and people will start relying on password reset and that is bad.

There are password lists; SecLists is probably the biggest compilation. Take a look and you will realize how simple rules don't work.

See How To Safely Store A Password for information on bcrypt.

While the above site says that bcrypt is the only choice, that is not true; another good choice is PBKDF2 (Password Based Key Derivation Function 2), which is a standard and also available on most systems.
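The PBKDF2 storage this answer mentions, as an added example using only the Python standard library; this is not code from the answer's author or from the linked site. The record format (scheme, iteration count, salt and derived key joined by "$"), the 16-byte random salt and the 600,000-iteration default are assumptions chosen for the example; the per-password salt, storing the iteration count with the hash, and the constant-time comparison are the points a practitioner would want to see.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example: PBKDF2-HMAC-SHA256, a random 16-byte
# salt per password, a 32-byte derived key and an iteration count that makes
# each guess expensive for an attacker who obtains the stored records.
ALGORITHM = "sha256"
SALT_BYTES = 16
DKLEN = 32
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a salted PBKDF2 record of the form pbkdf2_sha256$iters$salt$key (hex)."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the key from the stored salt/iterations and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if not scheme.startswith("pbkdf2_"):
            return False
        algorithm = scheme[len("pbkdf2_"):]
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(
            algorithm, password.encode("utf-8"), salt, iterations, dklen=len(expected)
        )
    except ValueError:
        # Malformed record or unknown hash name: treat as a failed login.
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the record uses fewer iterations than currently required.

    Because the iteration count is stored with the hash, it can be raised
    over time and old records re-hashed at the user's next successful login.
    """
    parts = stored.split("$")
    if len(parts) != 4:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("ILikeToSleepUntil8InTheEvening")
    print(record)
    print(verify_password("ILikeToSleepUntil8InTheEvening", record))  # True
    print(verify_password("Password-2015", record))                   # False
```

Two records for the same password differ because of the random salt, so a leaked table cannot be attacked with one precomputed list for all users; the iteration count embedded in each record lets you raise the work factor without invalidating existing logins.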