ZC 1.3.8a
This is what I've found.
Admin initially allows a minimum of say, 0 characters for password.
The customer sets a 3-character password.
Then admin increases the minimum to 4 characters.
Customer can still log in, but if she wants to change her password to more characters, say 5, she will get a error popup message saying password requires a minimum of 4 characters. No doubt the customer will feel a bit confused.
I'm guessing it's because the script checks the length of old password. If so, then I think it would be better if the script checks the new password instead.