Password requirements differ for vCenter Server and for ESXi hosts.
vCenter Server Passwords
In vCenter Server, password requirements are dictated by vCenter Single Sign-On or by the configured identity source, which can be Active Directory, OpenLDAP, or the local operating system for the vCenter Single Sign-On server. See Edit the vCenter Single Sign-On Password Policy, or see the relevant Active Directory or OpenLDAP documentation.
By default, ESXi enforces requirements for user passwords.
Your user password must meet the following length requirements.
Passwords containing characters from one or two character classes must be at least eight characters long.
Passwords containing characters from three character classes must be at least seven characters long.
Passwords containing characters from all four character classes must be at least six characters long.
When you create a password, include a mix of characters from four character classes: lowercase letters, uppercase letters, numbers, and special characters such as an underscore or dash.
The password cannot contain the words root, admin, or administrator in any form.
An uppercase character that begins a password does not count toward the number of character classes used. A number that ends a password does not count toward the number of character classes used.
You can also use a passphrase, which is a phrase consisting of at least three words, each of which is 8 to 40 characters long.
Creating Acceptable ESXi Passwords
The following password candidates meet the requirements of ESXi.
xQaTEhbU: Contains eight characters from two character classes.
xQaT3pb: Contains seven characters from three character classes.
xQaT3#: Contains six characters from four character classes.
The following password candidates do not meet the requirements of ESXi.
Xqat3hb: Begins with an uppercase character, reducing the effective number of character classes to two. Eight characters are required when you use only two character classes.
xQaTEh2: Ends with a number, reducing the effective number of character classes to two. Eight characters are required when you use only two character classes.