All out-of-the-box password templates include the following rules:
The period of time for which a password is intended to be used before it is changed. Best practice is to change passwords regularly to help protect against unauthorized access to accounts and prevent attackers from using stolen or guessed passwords to gain access to sensitive information.
Maximum invalid login attempts
The period of time for which a user's account is locked after a certain number of failed login attempts. This is a security measure to prevent attackers from guessing a user's password through repeated attempts. A user's account may be locked for a specific period of time, after which the user can try to log in again.
The period of time (in seconds) for which a lockout is enforced in case a user exhausts all valid attempts to log in.
Password Reset By
Tenant or OTP
Minimum Password Length
The maximum length of a password that a user is allowed to enter.