This simple plugin allows the WordPress site administrator to enforce minimal password requirements on its user.
Anything except an empty string can be use as a password in an out of the box WordPress installation.
Short passwords using a small character set are vulnerable to brute force attacks. Also, IT deparements in large organisations will often request minimal security requirements before deploying an app; this extension can help you cut throught the red tape.
WordPress hashes passwords before storing them in its database. You can not determined the original password from its hashed. So it's impossible to validate existing password to see if they meet your requirements. This extension will only validates passwords when the user updates his profile.