allow complex passwords
I tried to use a password that is autogenerated by my password manager. Obviously I won't put that here, but another one generated by it is: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved".
This is apparently "not secure" and "too easy to guess". Instead I had to make it: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved1!"
Its worth pointing out that adding a password requirement of any kind besides length and restricting obvious dictionary sequences is well known (even by the US government via its most recent NIST standards) to result in weaker, not stronger protections, as people tend to follow the same pattern of character replacement in order to meet arbitrary complexity requirements.
I found something just as worrying, it doesn't accept anything that isn't alphanumeric. I put non-alphanumeric characters in my passwords by default but the password reset doesn't accept them.
It accepts literally the same password if I take them out (thereby making it simpler)