Password management
Last updated on 29 September 2025
Passwords are key to user authorization and authentication in Drupal. Drupal's default password management could be considered good, but it can be improved. The modules listed below provide additional controls for password management in your Drupal installation.
- Password Strength: Provides realistic password strength measurement and server-side enforcement for Drupal sites using pattern matching and entropy calculation, so that administrators can require passwords to be, for example, of "high" strength.
- Password Expire: Enforces password expiration. Users who do not change their passwords within the given time will have their passwords reset to a randomly generated one. It includes several notifications to the users.
- Password Policy: Provides a way to specify a certain level of password complexity (a.k.a. "password hardening") for user passwords on a system by defining a password policy. This module also includes a password expiration feature.
- Restrict Password Change: Restricts the password change operation using a new permission, so an admin who can create a user is not able to change any user's password.
- Login Security: Proactively protects the login form against submission abuse and notifies the administrator about password-guessing or brute-force attempts. Provides functionality to block users or IP addresses after a number of invalid login attempts, creating an authentication policy.
Page status: No known problems