Hacker News

How much more entropy do you really get for 1 additional capital letter? Probably only a few bits' worth, 8-12.


I imagine the main reason for the single capital letters is to make the password acceptable on those annoying websites with annoying requirements, not necessarily to add entropy.

If you already know it's in Apple password format, then you know 1/17 of the letters are capital, but not which one, so the number of combinations you have to try is multiplied by 17, for just over 4 additional bits of entropy.


You multiply the entropy of the previous word by the added entropy of the new symbol. This grows exponentially!

Extra character classes can help if you're stuck needing to make a really short password for some reason, but if you're randomly generating each symbol anyway, just tossing a few more on the end is *far* more effective. You massively increase the brute force search space with each additional symbol.


Switching one uppercase letter in an otherwise lowercase password adds exactly 1 bit of entropy (per switched letter).

On the other hand, any extra lowercase letter will increase the entropy by 4.7 bits (assuming a password on [a-z]).

Given that most passwords have at best 2 uppercase letters, I would argue it is safer to force longer passwords than passwords with at least one uppercase letter.


A 10-character password with all lowercase is 47 bits; if you do half upper/half lower it goes to 57 (using Shannon entropy).


Wouldn't that be 54.98 bits? 57 bits would be if you allowed mixed case with no constraint on how many are upper and how many are lower.

With the constraint that it has to be half upper/half lower you only get 252 times as many passwords instead of 1024 times as many.
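The figures traded in this thread (47, 57 and 54.98 bits, the 252 vs. 1024 factor, and the "just over 4 bits" for one capital in 17 letters) follow from counting the search space and taking log2. The Python below is an added example, not any commenter's code; the policy names and the 12-letter comparison are my own illustration of the "length beats character classes" point.

```python
from math import comb, log2


def bits_uniform(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly from alphabet_size ** length strings."""
    return length * log2(alphabet_size)


def bits_exact_uppercase(length: int, n_upper: int) -> float:
    """Letters only, with exactly n_upper positions forced to uppercase.

    Search space = 26**length base strings times C(length, n_upper) choices
    of which positions are capitalised, so the case constraint adds only
    log2(C(length, n_upper)) bits on top of the all-lowercase figure.
    """
    return bits_uniform(26, length) + log2(comb(length, n_upper))


def extra_bits_from_case_constraint(length: int, n_upper: int) -> float:
    """Bits gained over all-lowercase by forcing exactly n_upper capitals."""
    return bits_exact_uppercase(length, n_upper) - bits_uniform(26, length)


def compare_policies() -> dict:
    """Search-space entropy (bits) for the policies discussed in the thread,
    plus a constructed 12-letter lowercase policy for comparison."""
    return {
        "10 lowercase letters": bits_uniform(26, 10),          # ~47.0
        "10 letters, any mix of case": bits_uniform(52, 10),   # ~57.0
        "10 letters, exactly 5 uppercase": bits_exact_uppercase(10, 5),  # ~54.98
        "17 letters, exactly 1 uppercase": bits_exact_uppercase(17, 1),
        "12 lowercase letters": bits_uniform(26, 12),          # ~56.4, two extra
    }                                                           # letters ~= full mixed case


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{policy:36s} {bits:6.2f} bits")
    # Forcing exactly 5 of 10 letters uppercase multiplies the space by C(10,5)=252,
    # not by 2**10=1024, which is why 54.98 < 57.
    print("half-upper/half-lower factor:", comb(10, 5), "vs", 2 ** 10)
    # One unknown-position capital among 17 letters multiplies the space by 17.
    print("one capital in 17 letters adds", round(extra_bits_from_case_constraint(17, 1), 2), "bits")
```

Each additional lowercase letter is worth log2(26), about 4.7 bits, so two more letters (12 lowercase, ~56.4 bits) nearly match the 10-letter mixed-case figure, and forcing a fixed number of capitals contributes only the binomial term.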



