Quote:
Can it be proved the latter site is less secure?
Yes. If it's known the password is all lower case letters, it take fewer combinations to go though every possible combination. It would also discourage the trivially simple passwords (like "password") that's often the starting point for any attack on the password file.
If the password must be 8 characters, lowercase only would be 26^8 or 208,827,064,576 combinations. (Or we can simplify that by using a dictionary attack under the theory it's a single word. That would be somewhere in the tens of thousands of combinations.) But require one upper, one lower and one number and we're talking 62^8 or 218,340,105,584,896  about 1045 times more complex.
