Create a new Entity with generalization on System.User (or use the one in Module Administration). On that Entity you can enforce whatever you want.
Otherwise you can also use a microflow to enforce and put the microflow behind the Save button in the New/Edit form of users
Another good one: http://www.nakedpassword.com/
Probably best idea to embed it in your application, and users won't ever complain about password complexity anymore. ;]
And a very good password strength calculator is described at http://www.passwordmeter.com/ (+ downloadable code)