Did you base your new policy on https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret ? I didn't see any reference to it. You might want to check it out and reference it.
Topic on Talk:Wikimedia Security Team/Password strengthening 2019
Appearance
There's a reference to the NIST guidelines in the Password requirements section.