System-wide password policies are accessible from the Password policies link on the General User Settings dialog box, found in the Users panel. The Password Policies dialog is shown below. For security, it is recommended that must have at least 6 characters, must be mixed-case and must contain a digit are enabled.
Store encrypted passwords is not enabled by default. Usually, passwords for non-Windows users are not stored for security reasons. Instead, a hash of the password is stored, and when users log in, the hash of the password they supply is compared with the stored hash.
If Store encrypted passwords is enabled, passwords for non-Windows users will be stored in encrypted form. This is less secure than using a hash, but does mean that the adminstrator is able to retrieve passwords.
Note that Windows users do not have passwords stored by CompleteFTP in any way. Instead, standard Windows authentication is used.
Permit password changes is not enabled by default. If it is enabled, non-Windows users can use the SITE command CPWD to change their password. SFTP also has a mechanism permitting the changing of a password (which must be supported by the SFTP client).
Must be mixed-case, must contain a digit, and must contain a special character are not enabled by default.
Any passwords that are less than the Minimum password length will be rejected.