In the past couple days we've run into some serious issues with macOS Catalina 10.15.3 and enforcing password complexity requirements/resetting user passwords.
When you flag the user account to require a password reset on next login it seems to work, but if they go to Reset Password themselves or you use recovery mode or a policy to reset their password, it fails because it doesn't meet complexity requirements even when it clearly does.
For example, a password of Test1024& will be flagged as not having a special character and be denied. A password of Test&102432345234ksavsaf will be flagged as not being 8 characters or more and be denied. It seems like it's refusing to register whatever the last criterion your password needs to meet even when it does. This has also led to a couple users getting completely locked out of their systems after a reboot where it won't take the new password they set and wont take the old one, likely due to some sort of Filevault mismatch, and once it's in this state administratively resetting the user's password (either via recovery mode or via policy) fails with a nondescript "failed" error.
I've done some testing on 10.15.0 systems and everything works normally, but as soon as those systems are updated to 10.15.3 it all goes wonky. Likewise with freshly imaged 10.15.3 systems.
Has anyone else had similar experiences with the latest Catalina update and password complexity requirements?
