Password policy

Password policy is a trivial security control related to authentication. Passwords are commonly prone to dictionary attacks, brute-force attacks, and password-guessing attacks. If the application allows weak passwords to be set, they can easily be compromised. A strong password policy typically has the following conditions:

  • Minimum length of 8
  • Must contain at least 1 lowercase character, 1 uppercase character, 1 digit, and 1 special character
  • Password minimum age
  • Password maximum age
  • Password history restriction
  • Account lockout

It is important to note that the password policy must be enforced on both the client side and the server side.
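
A server-side check for the conditions listed above, as an added example that is not from the original text. Only the minimum length of 8 comes from the page; the age limits, history depth, lockout threshold, the definition of "special character" and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, string
from datetime import datetime, timedelta

MIN_LENGTH = 8                  # from the policy list above
MIN_AGE = timedelta(days=1)     # assumed value
MAX_AGE = timedelta(days=90)    # assumed value
HISTORY_DEPTH = 5               # assumed value
LOCKOUT_THRESHOLD = 5           # assumed value

def hash_password(password, salt=None):
    """Salted PBKDF2 digest, so the history never stores plaintext passwords."""
    salt = salt or os.urandom(16)
    # Iteration count is an assumed value for this example.
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_errors(password):
    """Return the complexity rules the password breaks (empty list = compliant)."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lowercase character"),
        (any(c.isupper() for c in password), "no uppercase character"),
        (any(c.isdigit() for c in password), "no digit"),
        # "Special" is taken to mean ASCII punctuation (assumption).
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def change_errors(new_password, history, last_changed, now):
    """Validate a password change. history: list of (salt, digest), newest first."""
    errors = complexity_errors(new_password)
    if now - last_changed < MIN_AGE:
        errors.append("minimum password age not reached")
    for salt, digest in history[:HISTORY_DEPTH]:
        # Re-hash the candidate with each stored salt; compare in constant time.
        if hmac.compare_digest(hash_password(new_password, salt)[1], digest):
            errors.append("password reused from history")
            break
    return errors

def is_expired(last_changed, now):
    """Maximum age: the password must be changed once it is older than MAX_AGE."""
    return now - last_changed > MAX_AGE

def is_locked_out(failed_attempts):
    """Account lockout after too many consecutive failed logins."""
    return failed_attempts >= LOCKOUT_THRESHOLD
```

The same rules can be mirrored in client-side form validation for user feedback, but the server must run these checks on every password change and login regardless of what the client reports.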
