Enforce password policy on initial setup

Currently, the user may choose whichever password they want, even if it's a single character. Instead of relying on users to think about it, we should enforce a password policy that prohibits simple passwords.