Validate password should enforce the minimum length

It looks like using `setLength` does not result in a validator enforcing that the given password is at least desired length.  

I think the intuitive usage is to expect for `setLength` to at least trigger a `setMinimumCount`.