As the title says, the required complexity of user passwords should be configurable (in the admin dashboard, perhaps).
A conservative implementation could be a simple checkbox of whether password complexity should be checked (just as it is now with zxcvbn) or not.