Extended password validation based on hooks and PasswordValidator interface.
Thanks for the suggestion!
In this case, i think it is over-engineered to add logic of password validators in core. Why generalise password validators, when we have only one in core? The goal of course is to let plugins add more validators. But In this case, IMHO it is enough to add a new event called 'UsersManager.checkPassword' in this method. Then any plugin could throw an exception when password is not valid. (and plugins can decide for themselves to implement password validators).
Looks good to me!