For those folks not able to move to CB 1.2 in the near future, the following is a potential fix to the problem of not allowing a numeral as the first character of the password:
if you look at /components/com_comprofiler/comprofiler.html.php. There are two occurrences where a regular expression is used to validate the password (there is a third for the username which you should ignore). You can easily find the two occurrences by searching for "checkJversion". The first two occurrences that are found are the ones to change. The third one that you find is related to the username and is in a javascript function called "cbSendUsernameCheck".
The expression that is broken is as follows:
[code:1]
var r = new RegExp("^[a-zA-Z](([\.\-a-zA-Z0-9@])?[a-zA-Z0-9]*)*$", "i"«»);
[/code:1]
To allow a 0-9 to be entered at the beginning of the password, change the line of code to this:
[code:1]
var r = new RegExp("^[a-zA-Z0-9](([\.\-a-zA-Z0-9@])?[a-zA-Z0-9]*)*$", "i"«»);
[/code:1]
If you google "regular expressions php", you can identify ways to modify this expression further to allow other characters like !, #, $, etc.
Another thing to note is that you might want to change the error message string that is displayed when the user enters an invalid password.
This can be done by modifying the file /components/com_comprofiler/plugin/language/default_language/default_language.php. Search for the keyword "_VALID_AZ09".