1. Password should be minimum 8 characters with Mandatory Alphanumeric with a special character.
2. Password expire period should be configurable after that one has to change password mandatory.
3. User Account should lock on unsuccessful login attempts. No. of attempts should be configurable. To UNLOCK the account should be part of Admin rights.
4. Check feasibility of not allowing last used 5 passwords [Optional]