As a Business Administrator you can specify your own password policy requirements. You can therefore set a minimum password length and enforce other additional options, i.e. special characters, numbers, upper and/or lower case letters.
You can also add to the list of security questions which the users will have to answer upon sign-up. This allows you to define specific questions that maybe relevant to your organisation and simplifies the password reset process.
To change the password policy in any way, sign into the Administration Panel and select Policies > Passwords. You can restore the default questions at any point by clicking the 'Restore Defaults' button.