Even if Ion auth has enough validation rules for form inputs, sometimes you have to check if the password is strength enough.  One of the fastest way to achieve this functionality is the following check.

$password = $this->input->post('password');

if (!preg_match('([a-zA-Z].*[0-9]|[0-9].*[a-zA-Z])', $password) ){
$errorMesasge = 'Password is too weak.';
exit(json_encode(array('status' => false, 'message' => $errorMesasge)));
}

This code will test your password if it contains numbers and digits, if yes, it will return true.