As of SFEE 4.2, it is possible to configure the application to reject passwords that do not meet your security criteria.
To enforce password requirements, place the following lines into /usr/local/sourceforge/sourceforge_home/etc/sourceforge_configation.properties:
system.password.min-length=5 password.requiresNumber=true password.requiresNonAlphaNum=true password.requiresMixedCase=true
Once these lines are in place, restart SFEE for them to take effect. The above example would require a password of at least 5 characters that must include at least one (1) mixed case letter, at least one (1) number, and at least one non-alphabetic character, e.g. Us3r!
NOTE: These settings only take affect for new passwords. Anyone in the system currently will be able to continue to use their existing, potentially weak, password. You should force all users to change their passwords after changing these.