The default password strengt requirements in eZ Publish and eZ Platform, out of the box, are too low. A conscientous admin will improve these, but our defaults should be safer. I propose 10 characters as the default minimum length. (8 is common, but there are indications that this is not safe enough anymore.)
eZ Platform also supports quality checks: upper/lower case, digits, special chars. I propose to enable these as default, except special chars (to reduce the annoyance factor).