Concrete5 v8 only validates a password length when registering. This adds a second validation that checks if the password uses a certain pattern. By default it checks for the presence of at least 1 lowercase letter, 1 uppercase letter, 1 number and 1 special character. Read the comment to easily modify it to your liking.

app.php

<?php
// put this code in application/bootstrap/app.php
$app->extend(
    'validator/password',
    function ($manager) use (&$app) {
        // the following pattern checks for at least 1 lowercase letter, 1 uppercase letter, 1 number and 1 symbol
        // (?=.*[a-z]) stands for lowercase letters
        // (?=.*[A-Z]) stands for uppercase letters
        // (?=.*[0-9]) stands for numbers
        // (?=.*\W) stands for symbols
        // just remove the ones you don't need from the pattern

        $pattern = '#.*^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\W).*$#';

        /** @var RegexValidator $regex */
        $regex = null;

        $error_closure = function ($validator, $code, $password) use (&$regex) {
            return t('A password must have at least 1 lowercase letter, 1 uppercase letter, 1 number and 1 special character.');
        };

        $requirement_closure = function ($validator, $code) use (&$regex) {
            return t('Must have at least 1 lowercase letter, 1 uppercase letter, 1 number and 1 special character.');
        };

        if ($pattern) {
            $regex = $app->make('\Concrete\Core\Validator\String\RegexValidator', [$pattern]);

            $regex->setRequirementString($regex::E_DOES_NOT_MATCH, $requirement_closure);
            $regex->setErrorString($regex::E_DOES_NOT_MATCH, $error_closure);

            $manager->setValidator('character_pattern', $regex);
        }

        return $manager;
    }
);