as per
https://bugs.koozali.org/show_bug.cgi?id=12991Password rules:
none: Minimum length only.
normal: Minimum length, at least one uppercase and one lowercase letter.
intermediate: Minimum length, at least one uppercase, one lowercase letter, and one number.
strong: Minimum length, at least one uppercase, one lowercase letter, one number, one special character, and dictionary check.
pasword minimal length could be set, default is 12.
we removed the initial obligation for specific characters. it does not help that mich in bruteforce and limit ability for user to remember the password, which reduce the strength of it.
see
https://www.hivesystems.com/blog/are-your-passwords-in-the-greenif using lowercase only this is good for years. of course if you use digits only, way less efficient.