Manual:$wgPasswordPolicy

Details
A password policy is of the form


 *   etc. are rights>Special:MyLanguage/Manual:User rights#List of groups|user groups, plus the special group  which is required to be present and applies to everyone.

If the same check applies to a user via multiple groups, it will be applied with the   of the values.
 *   etc. are arbitrary check names, defined in the   subarray.

Default checks (found in  ): Minimum length a user can set Passwords shorter than this will not be allowed to login, regardless if it is correct. Maximum length password a user is allowed to attempt. Prevents DoS attacks with pbkdf2. Password cannot match username Username/password combination cannot match a specific, hardcoded blacklist.
 *   etc. are [http://php.net/manual/en/language.types.callable.php PHP callables], which receive three arguments: the defined value, the </> object and the password.