To use password policies go to Settings / Security page
Strong Password Policy
- should be minimum eight characters
- should consist at least three of uppercase letter, lowercase letter, numbers or symbols
- can not contain localPart of the user's email address.
- can not contain domain (without extension) of the user's email address.
If you enable strong password policy, users who have not a strong password, have to change password to a strong password on next login.
Password Expiration Policy
You can specify expiration days. When the password is expired, the user have to change the password on next login.
Password History Policy
If you enable password history policy. Users can not reuse the last three passwords
When a user enters wrong password ten times in a minute, Captcha protection will be enabled and the user will not able to login without captcha verification.