HI,
I have not found a page where Elastic recommends a password policy. The only requirement I have found so far is this issue from 2017 which is still correct: I have checked in our 7.9.2 Kibana instance and it requires passwords to be at least 6 characters long.
Personally, I am not a create fan of special characters as they can cause problems depending on the usecase(e.g. the hash sign can mark a comment in linux, ...). Lately, I only use a-zA-Z0-9 and dash and underscore. For complexity, I use passwords between 20 to 40 characters...
Best regards
Wolfram