Strengthen password policy

Former Member

Is there a way to strengthen our password policy? For example, if we want to require all users to create accounts using at least 10 characters, one capital letter, and 2 numbers... can we do that? If so, how? We are using automatic account activation mode.

  • Former Member

    We have Administration > Authentication > Authentication Options > Password Regular Expression Pattern that allows you to specify a regex for passwords. Note this would only apply to new user accounts.

  • The password min length needs to be set in your server Web.config file, e.g.

    <add name="Telligent.EvolutionSqlProvider"
         type="Telligent.Evolution.AspNetMembership.MembershipProvider, Telligent.Evolution.Platform"
         enableMultipleEvolutionSites="false"
         connectionStringName="SiteSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         passwordFormat="Hashed"
         applicationName="dev"
         description="Stores and retrieves membership data from the local Microsoft SQL Server database"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="0" />

    And yes, Steven is right, you can specify some regex for the password. That can be non-trivial to figure out, and it is hard to check that it's behaving as expected. It can also have trouble with non-ASCII characters (e.g. accented foreign characters), something which is a pain to include in the regex.

    Here's the one we're using if it helps; https://regex101.com/r/EozM0X/2

    We ended up doing a bit of widget customisation to put in a password strength meter, since it's not obvious to the user what the rules are without it;
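
Added example, not part of the original posts and not the pattern behind the regex101 link: a small check harness for the policy asked about in the question (at least 10 characters, one capital letter, 2 numbers), showing how an ASCII-only pattern rejects a password whose only capital is accented while a Unicode-aware one accepts it. Both patterns and all sample passwords are constructed for this example, and it is an assumption that the Password Regular Expression Pattern setting is evaluated by a .NET regex engine.

```javascript
// Policy from the question: >= 10 characters, 1 capital letter, 2 digits.
// Both patterns are assumptions written for this example.

// ASCII-only version: [A-Z] does not count accented capitals such as "É".
const ASCII_POLICY = /^(?=.*[A-Z])(?=(?:.*[0-9]){2}).{10,}$/;

// Unicode-aware version: \p{Lu} = any uppercase letter, \p{Nd} = any decimal digit.
// JavaScript needs the "u" flag for \p{...}; .NET regex accepts \p{Lu} and
// \p{Nd} without a flag, so the pattern text itself carries over.
const UNICODE_POLICY = /^(?=.*\p{Lu})(?=(?:.*\p{Nd}){2}).{10,}$/u;

// Constructed sample passwords, each with the verdict the policy should give.
const CASES = [
  { pw: "Correcthorse42", expect: true,  why: "14 chars, capital, two digits" },
  { pw: "Short1A2",       expect: false, why: "only 8 characters" },
  { pw: "nocapitals1234", expect: false, why: "no capital letter" },
  { pw: "OnlyOneDigit7x", expect: false, why: "only one digit" },
  { pw: "Digits4Apart9z", expect: true,  why: "digits need not be adjacent" },
  // Precomposed "Éléphant-rose12": the only capital is non-ASCII.
  { pw: "\u00C9l\u00E9phant-rose12", expect: true, why: "accented capital" },
];

// Return the sample passwords for which the pattern disagrees with the policy.
function failures(pattern) {
  return CASES.filter(c => pattern.test(c.pw) !== c.expect).map(c => c.pw);
}

// Print a per-case table so a wrong pattern is visible before it is deployed.
function report(name, pattern) {
  console.log(name);
  for (const c of CASES) {
    const got = pattern.test(c.pw);
    const mark = got === c.expect ? "ok  " : "FAIL";
    console.log(`  ${mark} ${JSON.stringify(c.pw)} -> ${got} (${c.why})`);
  }
}

report("ASCII-only pattern", ASCII_POLICY);
report("Unicode-aware pattern", UNICODE_POLICY);
```

Adding the organisation's own edge cases to `CASES` before changing the setting gives a repeatable check that the pattern behaves as intended.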