Not an ideal password policy (at least 8 characters, two of which must be digits but no special characters) but I’ve managed to devine a regex to support it…

// (?=.\*?\d.\*?\d)	look ahead to find at least 2 digits
// \[\d\w]		only allow numbers or letters
// {8,}			must be at least 8 characters in length

^(?=.\*?\d.\*?\d)\[\d\w]{8,}$