There is limited/insufficient security with the passwords. OTRS is fairly lenient when it comes to requirements. Znuny has created an add-on for this (see URL above).
We use a couple of other Znuny patches so is it fair to assume that we have the "Znuny4OTRS-Repo" installed? It seems to be required for the patch to work.
I've added bug 60271 as a blocker to this. If the Znuny repo is set and this all checks out, it would be nice to include this with the upcoming upgrade.
Version: wmf-deployment
Severity: enhancement
URL: https://github.com/znuny/Znuny4OTRS-PasswordPolicy