and maybe allow the admin to make user passwords expire after an x many days, weeks or months?
so they are forced to change there password after a certain amount of time.
also would very much so like to have a password strength bar when users create new passwords and on registration page, also admin is allowed to exclude certain passwords like make a list of known simple passwords and this will disallow any users using those passwords. also make the passwords more customizable allow the admin to add filters like user must have a capital letter, a symbol, a number and so on.
also a must disallow users using similar or same passwords when they change there password.