In Patch 3, the OpenSSO Console checks for a minimum password length of 8 characters for new users and for existing users who are changing a password.