I am using meteor-useraccounts for user account functionality. So far it works great, however I need to enforce password complexity specifically on the reset password screen (after the user clicks the email link). Is there a way to hook that functionality conveniently that anyone knows of?
Users cannot register for this service, so enforcing it when an admin creates the account is easy, but its meaningless if the user can just send a forgotten password request and bypass it.
You might want to start with enforcing your password requirements on the client. Then, on the server you could probably use on the Accounts.onCreateUser API to verify that the password meets those requirements.
As @msavin suggested, enforcing client-side requirements is a good start. For that, we’ve found this package to be very helpful in evaluation and providing suggestions.