Changing password policy settings in Membership provider

The default password strength is set to a minimum password length of 7 characters with at least 1 non-alphanumeric character for both SqlMembershipProvider and ActiveDirectoryMembershipProvider.

If you need to configure your membership provider to enforce specific strong password rules, you can use some very handy regular expressions, or you can set specific max and min requirements for numeric, alhpabetic and alphanumeric characters.

Using minimum length and non-alphanumeric character

 <membership ...>
  <providers>
    <add minRequiredPasswordLength=10 minRequiredNonalphanumericCharacters=2 .../>
  </providers>
 </membership>

Using regular expression

 <membership ...>
  <providers>
    <add passwordStrengthRegularExpression=
                    "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,10}$" .../>
  </providers>
 </membership>