User Authentication - password requirements #926

Open
jordy2254 opened this issue Mar 31, 2024 · 1 comment
Labels
API Related to the backend api server written in Go discussion Raises questions that are up for discussion feature A new idea or feature UI Related to the frontend web ui written in Javascript

Comments

@jordy2254
Member

Is your feature request related to a problem? Please describe.
With #918 & #828 and off various other discussions it has been identified that there is a requirement for a password policy which will allow an admin to set a series of rules for the password to be verified against.

Describe the solution you'd like
At a high level this feature should implement a PasswordPolicy struct which contains options for the following:

  • PasswordLength
  • MinSpecialCharacters
  • MinLowerChars
  • MinUpperChars
  • MinDigits

Implementing these features will allow an admin to define a policy for password complexity that a user must follow. This should be stored in the database and a check done on the setting of user passwords before encryption to ensure that it meets the current policy. We could do more here, which is open for discussion, such as enforcing policies at login, so that if a change to the policy has been made and the user's password doesn't match the requirements on login, they will be made to change it.

@jordy2254 jordy2254 added API Related to the backend api server written in Go UI Related to the frontend web ui written in Javascript labels Mar 31, 2024
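
The check proposed in the issue above, as an added example that is not part of the original thread or the project's code. It uses the option names from the issue; the `Validate` method, treating every field as a minimum, counting length in runes, and defining "special" as Unicode punctuation or symbols are assumptions. It goes slightly beyond the request by reporting every broken rule at once.

```go
package main

import (
	"fmt"
	"unicode"
	"unicode/utf8"
)

// PasswordPolicy uses the option names listed in the issue. Assumption: each
// field is a minimum and PasswordLength counts runes, not bytes.
type PasswordPolicy struct {
	PasswordLength, MinSpecialCharacters, MinLowerChars, MinUpperChars, MinDigits int
}

// Validate (hypothetical method) returns every rule the plaintext breaks; call
// it when a password is set, before the value is hashed for storage.
func (p PasswordPolicy) Validate(password string) []string {
	var lower, upper, digits, special int
	for _, r := range password {
		switch {
		case unicode.IsLower(r):
			lower++
		case unicode.IsUpper(r):
			upper++
		case unicode.IsDigit(r):
			digits++
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special++
		}
	}
	var violations []string
	check := func(rule string, got, want int) {
		if got < want {
			violations = append(violations, fmt.Sprintf("%s: need %d, got %d", rule, want, got))
		}
	}
	check("PasswordLength", utf8.RuneCountInString(password), p.PasswordLength)
	check("MinSpecialCharacters", special, p.MinSpecialCharacters)
	check("MinLowerChars", lower, p.MinLowerChars)
	check("MinUpperChars", upper, p.MinUpperChars)
	check("MinDigits", digits, p.MinDigits)
	return violations
}

func main() {
	policy := PasswordPolicy{PasswordLength: 12, MinSpecialCharacters: 1, MinUpperChars: 1, MinDigits: 1}
	fmt.Println(policy.Validate("correct horse")) // constructed sample password
}
```

A zero value in any field disables that rule, so an empty policy accepts every password.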
@kkovaletp
Contributor

Nice catch! This is definitely a useful feature request!
However, while such password complexity rules are very popular, they also produce difficult-to-remember passwords, while such passwords are not always crypto-strong enough.
I think that we should not write the code of such a validator for sure, and instead use a well-known, trusted by experts, and popular in the dev community library.
As our final goal here is to make sure that the password is strong enough, I'd ask you to look at something like go-password-validator - we can choose something else, this is just an example of the concept.

@kkovaletp kkovaletp added discussion Raises questions that are up for discussion feature A new idea or feature labels Apr 29, 2024