When using the SqlServerMembershipProvider for users within EPiServer, it is possible to apply a Password Policy with settings such as minRequiredPasswordLength and minRequiredNonalphanumericCharacters in the web.config file.When using EPiServer Relate, Community users are managed using the EPiServerCommonMembershipProvider. Is there a way to apply a similar and/or more comprehensive Password Policy using this provider?
The short and cruel answer is -> No, it does not. The EPiServer.Common.Web.Authorization.MembershipProvider overrides the membership provider properties MinRequiredPasswordLength and MinRequiredNonAlphanumeric Characters, but they have hardcoded 0 as a return value. It does not support reseting the password either (ResetPassword is not implemented) + question and answer password resets.
You could try to inherit from this membership provider and override EPiServer overrides with your own values + add validation logic to the ChangePassword method before calling base.ChangePassword(...) if the validation succeded.