The password policy engine provides a mechanism for enforcing rules for user passwords.
If you install a module that depends on users/groups, this feature will automatically be installed as well.
You can find this feature in the menu system at the following location:
<navigation>System|Account Manager|Password Policies</navigation>
Specify the minimum allowable password length.
The age before which the user cannot change the password.
The age at which a password change is forced.
The number of different passwords you must have before you can repeat one.
If enabled, the account will be locked for 600s after 5 failed login attempts
<note tip>These settings are held in ldap. If you wanted to change, for example, the lockout duration you would have to use a tool like phpLDAPAdmin and edit the object: