CloudStack does not enforce complexity rules for user passwords even in its built-in user database. For some accounts in particular, such as the root domain admin, it would seem a good idea to have some minimum requirements. Empty passwords, for example, should not be allowed. What do you think about having a blacklist of unacceptable passwords (e.g., “password”, “admin”, etc.) for the rood domain admin?
