Make password requirements configurable and document them
Currently, the hard requirements for a password are
- at least 8 characters
- at least 1 number
- at least 1 lower case character
- at least 1 upper case character
- at least 1 special character
Ideally, this should be configurable. In any case, we have to make the requirements much more transparent to the users.