Email/Password Auth currently only validates passwords to be from 6 to 20 character long.
We need more requirement options, such as:

Minimum length, which must be at least 6 characters but fewer than 99 characters. User chooses the min and max option.
Require numbers
Require a special character from this set:
^ $ * . [ ] { } ( ) ? " ! @ # % & / \ , > < ' : ; | _ ~ `
The plus "+" and minus "-" sign do not meet special character requirements.
Require uppercase letters
Require lowercase letters