Permutations/Combinatorics question

Suppose you're trying to improve the password system for an email site. Currently, passwords have the following restrictions:

• Must be 8-12 characters long (inclusive)
• Uppercase letters, lowercase letters, and digits are allowed
• Must contain exactly one uppercase letter
• Must contain exactly one digit

Come up with a new set of restrictions that is (1) more secure against brute-force attacks, by offering more possible passwords, but still prevents users from having unreasonably simple passwords (e.g., don't allow someone to have '12345' as a password).

your answer must include the following:

• The number of possible passwords in the original system
• The number of possible passwords in your proposed restrictions