diff -Naur bugs-old/account_update.php bugs/account_update.php
--- bugs-old/account_update.php	2009-04-09 22:16:33.000000000 -0500
+++ bugs/account_update.php	2009-04-09 22:49:14.000000000 -0500
@@ -85,8 +85,29 @@
 			trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
 		} else {
 			if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
-				user_set_password( $t_user_id, $f_password );
-				$t_password_updated = true;
+				$t_password_minimum = config_get( 'password_minimum' );
+				if (strlen($f_password) < $t_password_minimum) {
+					error_parameters( $t_password_minimum );
+					trigger_error( ERROR_USER_PASSWORD_TOO_SHORT, ERROR);
+				} else {
+					if (auth_is_password_complex($f_password)) {
+						user_set_password( $t_user_id, $f_password );
+						$t_password_updated = true;
+					} else {
+						$t_password_complexity = config_get( 'password_complexity' );
+						switch ( $t_password_complexity ) {
+							case 1:
+								trigger_error( ERROR_USER_PASSWORD_NOT_COMPLEX_1, ERROR );
+								break;
+							case 2:
+								trigger_error( ERROR_USER_PASSWORD_NOT_COMPLEX_2, ERROR );
+								break;
+							case 3:
+								trigger_error( ERROR_USER_PASSWORD_NOT_COMPLEX_3, ERROR );
+								break;
+						}
+					}
+				}
 			}
 		}
 	}
diff -Naur bugs-old/config_defaults_inc.php bugs/config_defaults_inc.php
--- bugs-old/config_defaults_inc.php	2009-04-09 22:15:40.000000000 -0500
+++ bugs/config_defaults_inc.php	2009-04-09 23:25:43.000000000 -0500
@@ -182,6 +182,16 @@
 	# Set to OFF to disable this control
 	$g_max_failed_login_count = OFF;
 
+	# Password Complexity
+	# OFF = Disabled
+	# 1 = Requires a mix of upper and lower case
+	# 2 = Also requires at least 1 Number
+	# 3 = Also requires a special character
+	$g_password_complexity = OFF;
+
+	# Minimum Password Length
+	$g_password_minimum = 3;
+
 	# access level required to be notified when a new user has been created using the "signup form"
 	$g_notify_new_user_created_threshold_min = ADMINISTRATOR;
 
diff -Naur bugs-old/core/authentication_api.php bugs/core/authentication_api.php
--- bugs-old/core/authentication_api.php	2009-04-09 22:16:10.000000000 -0500
+++ bugs/core/authentication_api.php	2009-04-09 22:26:41.000000000 -0500
@@ -297,6 +297,28 @@
 		return $t_confirm_hash;
 	}
 
+	# --------------------
+	# Determines whether the password meets complexity requirements
+	function auth_is_password_complex( $f_password ) {
+		$t_password_complexity = config_get( 'password_complexity' );
+		if ($t_password_complexity == 'OFF') return true;
+
+		# Check for upper case letters
+		if (strtolower($f_password) == $f_password)	return false;
+
+		# Check for lower case letters
+		if (strtoupper($f_password) == $f_password)	return false;
+
+		# Check for numbers
+		if ($t_password_complexity > 1 && str_replace(array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9'), '', $f_password) == $f_password)	return false;
+
+		# Check for special characters
+		if ($t_password_complexity > 2 && str_replace(array('!', '@', '#', '$', '%', '^', '^', '&', '*', '(', ')', '-', '_', '+', '=', '{', '}', '[', ']', ':', ';', ',', '.', '?', '~', '|', '\\', '/'), '', $f_password) == $f_password)	return false;
+
+		# Everything checks out
+		return true;
+	}
+
 	#===================================
 	# Cookie functions
 	#===================================
diff -Naur bugs-old/core/constant_inc.php bugs/core/constant_inc.php
--- bugs-old/core/constant_inc.php	2009-04-09 22:48:52.000000000 -0500
+++ bugs/core/constant_inc.php	2009-04-09 22:48:32.000000000 -0500
@@ -245,6 +245,8 @@
 	define( 'ERROR_USER_REAL_MATCH_USER',		807 );
 	define( 'ERROR_USER_CHANGE_LAST_ADMIN',		808 );
 	define( 'ERROR_USER_REAL_NAME_INVALID',         809 );
+	define( 'ERROR_USER_PASSWORD_NOT_COMPLEX',         810 );
+	define( 'ERROR_USER_PASSWORD_TOO_SHORT',         811 );
 
 	# ERROR_AUTH_*
 	define( 'ERROR_AUTH_INVALID_COOKIE',			900 );
diff -Naur bugs-old/lang/strings_english.txt bugs/lang/strings_english.txt
--- bugs-old/lang/strings_english.txt	2009-04-09 22:15:17.000000000 -0500
+++ bugs/lang/strings_english.txt	2009-04-09 22:46:03.000000000 -0500
@@ -267,6 +267,10 @@
 $MANTIS_ERROR[ERROR_VERSION_NOT_FOUND] = 'Version "%s" not found.';
 $MANTIS_ERROR[ERROR_USER_NAME_INVALID] = 'The username is invalid. Usernames may only contain Latin letters, numbers, spaces, hyphens, and underscores.';
 $MANTIS_ERROR[ERROR_USER_REAL_NAME_INVALID] = 'The user real name is invalid.';
+$MANTIS_ERROR[ERROR_USER_PASSWORD_TOO_SHORT] = 'Your Password must be a minimum of %d characters.';
+$MANTIS_ERROR[ERROR_USER_PASSWORD_NOT_COMPLEX_1] = 'Your Password does not meet complexity requirements.  It should use a combination of upper and lower case letters.';
+$MANTIS_ERROR[ERROR_USER_PASSWORD_NOT_COMPLEX_2] = 'Your Password does not meet complexity requirements.  It should use a combination of upper and lower case letters and numbers.';
+$MANTIS_ERROR[ERROR_USER_PASSWORD_NOT_COMPLEX_3] = 'Your Password does not meet complexity requirements.  It should use a combination of upper and lower case letters, numbers, and special characters.';
 $MANTIS_ERROR[ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS] = 'User does not have required access level.';
 $MANTIS_ERROR[ERROR_USER_REAL_MATCH_USER] = 'The "Real Name" chosen matches another user\'s login name. Please choose another.';
 $MANTIS_ERROR[ERROR_SPONSORSHIP_NOT_ENABLED] = 'Sponsorship support not enabled.';