directadmin.conf option to allow enforcing users to use difficult/strong passwords. Option is: enforce_difficult_passwords=1 The default is enforce_difficult_passwords=0, so this will not change anything unless you turn it on. If enabled, all places that have users enter a new password will be enforced. Locations that you enter a password but it's only for a password match are not enforced. Example, the cluster option requires a password for a remote server. This example would not be checked because it's up to the other box to use difficult passwords. The password checking script is: /usr/local/directadmin/scripts/difficult_password.php If you wish to make changes to it, copy it to: /usr/local/directadmin/scripts/custom/difficult_password.php The default enforcements are both upper and lower case. Must include numbers Must be 6 or more characters long. There is also a commented out check which you can enable, to require users to include "shift characters, like !@#$, etc..