Using v1.90, I can't seem to enforce password strength amongst my customers. A customer can register with a password containing as little as one character.
I see where the StoreMembershipProvider seems to set minRequiredPasswordLength to '7' and minRequiredNonalphanumericCharacters to '1', but these don't seem to be reflected in the membership provider in the web.config.
The problem I'm having is that there don't seem to be any password strength requirements enforced.
Even registering via the demo site at demo.nopcommerce.com, I can register as a user with a single-character password. This doesn't comply with our business requirements, so I need to configure the application to require a strong password.
I see where it seems to be set in the code, but just doesn't seem to be required when the user actually registers.
I considered implementing the strength meter as was shown in the example you referenced, but unfortunately this is still outside of our security requirements. The meter will tell the user that they're selecting a poor password, but the app will still allow it to be selected.
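A server-side check of the kind the posts above ask for, as an added example that is not nopCommerce code and not part of the original posts. It uses the two policy values quoted in the thread; the `PasswordPolicy` helper and its `Validate` method are hypothetical names, and calling it from the registration handler or from a custom provider's `CreateUser` before the account is created is an assumption about where the check belongs.

```csharp
using System;
using System.Linq;

// Hypothetical helper (not part of nopCommerce): rejects weak passwords on the
// server, so the rule holds even if a client-side strength meter is ignored.
public static class PasswordPolicy
{
    // Values quoted in the thread. In a real provider they would be read from
    // the provider's configuration rather than hard-coded.
    public const int MinRequiredPasswordLength = 7;
    public const int MinRequiredNonAlphanumericCharacters = 1;

    // Returns null when the password is acceptable, otherwise the reason
    // it was rejected.
    public static string Validate(string password)
    {
        if (string.IsNullOrEmpty(password) ||
            password.Length < MinRequiredPasswordLength)
        {
            return "Password must be at least " +
                   MinRequiredPasswordLength + " characters long.";
        }

        // Count characters that are neither letters nor digits.
        int nonAlphanumeric = password.Count(c => !char.IsLetterOrDigit(c));
        if (nonAlphanumeric < MinRequiredNonAlphanumericCharacters)
        {
            return "Password must contain at least " +
                   MinRequiredNonAlphanumericCharacters +
                   " non-alphanumeric character(s).";
        }

        return null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs: too short, long enough but no symbol,
        // symbol but too short, and one that meets both rules.
        foreach (var candidate in new[] { "a", "abcdefgh", "abc!", "abcdef7!" })
        {
            string error = PasswordPolicy.Validate(candidate);
            Console.WriteLine("{0,-10} -> {1}", candidate, error ?? "accepted");
        }
    }
}
```

The registration code should refuse to create the account whenever `Validate` returns a non-null message; a strength meter in the browser can then remain as guidance only.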