There are two sets of validations at work for the password field. The first one is the spry validation, this will be triggered if you enter less than 6 characters into the field. This is controlled in the spry code at the bottom of the page:
var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1", {validateOn:["blur"], minChars:6, });
There are also server validations, they are validating for entry length, numbers, and letters. So to pass the server validations you will need at least 6 characters including numbers and letters. Here is the individual server validations that control this, you can remove any one of these that you do not want:
entry length
$WAFV_Errors .= WAValidateEL(((isset($_POST["UserPassword"]))?$_POST["UserPassword"]:"") . "",6,50,true,3);
must contain numbers
$WAFV_Errors .= WAValidateRX(((isset($_POST["UserPassword"]))?$_POST["UserPassword"]:"") . "","/[0-9]/",true,4);
must contain letters
$WAFV_Errors .= WAValidateRX(((isset($_POST["UserPassword"]))?$_POST["UserPassword"]:"") . "","/[a-z,A-Z]/",true,5);