This is the password policy used by WPSec.
All our passwords are hashed with Bcrypt or Scrypt. Passwords must be at least 10 characters long and meet our complexity requirements.
We use a score with 1 of the password strength and the Zxcvbn password strength check tool.
Internal password policy
All administration is made by two factor authentication and hardware onetime tokens. We also use certificates in top on that. Passwords needs to be at least 20 characters long.