As an alternatively you could remove the possibility for the user to change their password and keep the credentials central by the qv admins (I use these approach by simply replacing the link with another website which explained they have for this to contact the admin).
I'm also looking at the "password policy" functionality supported by QlikView Server Authentication Using Custom Users.
There is nothing in the Server Reference Manual which suggests that anything of this nature is supported.
The other Authentication methods clearly do support this to varying degrees.
I'll keep looking, just in case... ;-)