•  control over password construction
•  password duration settings
•  control methods on password expiration
•  user redirection on "change password" form when password is expired
•  lost password recovery

• minimum password lenght
• regexp patterns(*) to validate acceptable passwords
• password duration
• further validation rules that compare a password with userID and previously used passwords
• configurable mail address to receive notification of password-reset request
  

A regular expression enforcing the following rules:
* Must be at least 10 characters
* Must contain at least one one lower case letter, one upper case letter, one digit and one special character
* Valid special characters (which are configurable) are - @#$%^&+=

^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$

A regular expression enforcing the following rules:
* Must contain at least one one lower case letter, one upper case letter, one digit and one special character
* Valid special characters: all

^.*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\W]).*$

Works with plone 2.1

Validation requires plain text passwords

Not tested with others authentication tools (remember/membrane, LDAP)