This is the default Membership settings. These can be overridden by adding
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"><providers><clear/><add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider,
System.Web, Version=2.0.0.0,40 Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="StarterSite"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" /></providers></membership>
But thats for the standard asp.net membership but I guess you are still using the SimpleMembership?
I have not had a chance to test this out yet, so see how you get on.