I want to force a user to choose a strong password on registration.

I know, there are many jquery password strength meters out there, and I will most probably use one of them, too. But that does not really enforce anyone to choose a strong password. The registration form must also be useable without js enabled, so one could still potentially register with a weak password.

Accounts must be most secure, because if you are logged in, you can see data of other accounts, which I do not want exposed under any circumstances. So I want to go for maximum security here, therefore I think, it is most important to only allow strong passwords.

So,

How do I set and customize requirements for validating minimum password strength? Only thing I could find in the devise config file is password length. Is there another gem that I should use for this task?

You can use the Devise Security extension, where you can define a password regexp validation (among other things) and enforce the password strength you want.

I've recently released a devise gem which uses the zxcvbn library to reject weak passwords:

https://github.com/bitzesty/devise_zxcvbn

As of this writing (2018), I'd suggest other-folk to consider the newer Devise Security fork before settling on the previously recommended Devise Security extension gem (stale as of v0.10.0 March 2016, but still OG AF mang!)

edit: This one looks more recent, but idk.