Setting up a password policy
The Liferay password policy creator allows you to set the password life cycle and rules of employing it. You can decide whether the password should be changed. You can also specify the password syntax, the expiration rules, the lockout options, and the password history.
The default password policy provided by Liferay is very simple. It enables you to change the password of users and specifies that the reset password link should be valid for one day. This recipe provides a detailed description on how to create a new, more restricted password policy.
The password policy in this example will require the users to provide eight-character passwords, which cannot be found in a dictionary. Users must include numbers and uppercase letters in the password, and it must be changed every sixty days (it should not be possible to set the password that has been used last ten times). Additionally, the system will count the failure login attempts and block the account for 10 minutes...