There are still quite a few bugs open. I dropped this for a project, partly because it adds a load of clutter with the 'resets' and reset dates.
The minimum password policy in Drupal is already 12 characters anyway (and one issue is that changing the minimum length doesn't change the help text).
You need to enable the submodules to use the various constraints:
drush pm:list | grep 'password_policy_'
Admin users see password policy stuff on the user profile page.
You need to set password reset days to 0 if you don't want to enforce a reset policy.
Policies can be applied by role.
You get a generic warning about the password 'not matching the password policy'. Suggest using string overrides to change the "To change the current user password, enter the new password in both fields." message users see.
Instructions: add/edit the policy, click next, choose a constraint, then click 'Configure constraint settings'; otherwise you won't be able to change anything.
It also lets you do a forced reset by role.
Password policy
module_name: password_policy
Description:
Categories:
Tested by me: Yes
Drupal 8 support: Yes
Essential: No
Avoid: Yes
Deprecated: No