ServiceStack doesn’t impose any password restrictions other than they should match.
Most auth-enabled templates include an example of a CustomRegisterValidator you can use to add additional validation to Register requests using Fluent Validation in Configure.Auth.cs.
E.g. you can use Must or MustAsync to perform custom validation that needs to perform Async I/O.
I found some examples applying password validation on StackOverflow: