At least eight characters, one lowercase and uppercase letter, one number and one special characters. Should not contain parts of the username or email.
There are no external authentication services configured. See this article
for details on setting up this ASP.NET application to support logging in via external services.