You can constrain passwords selected by your users to obey whatever rules you choose to define. In your application initialization method, send a one-argument block to TLLoginComponent>>#passwordValidator:. This block will be passed the candidate password. The block should evaluate to nil if the password is acceptable, or to a string containing the error message to be shown to the user if it is not. The validator block is evaluated during user registration, when the user changes their password in the EditAccountComponent, and when the user resets their password when it has been forgotten.
Here is an example from TLTestApp:
loginComponent passwordValidator: [ :pswd |
self validatePassword: pswd ].
^ password size < self minimumPasswordLength
'Password must be at least ',
self minimumPasswordLength asString,
' characters long.']
ifFalse: [ nil ]