well i was thinking maybe allow the admin to force reset every ones passwords? such as when they log in they are forced to change there password. and maybe allow the admin to make user passwords expire after an x many days, weeks or months? so they are forced to change there password after a certain amount of time. also would very much so like to have a password strength bar when users create new passwords and on registration page, also admin is allowed to exclude certain passwords like make a list of known simple passwords and this will disallow any users using those passwords. also make the passwords more customizable allow the admin to add filters like user must have a capital letter, a symbol, a number and so on. also a must disallow users using similar or same passwords when they change there password.