Passwords can now only be set via:
The Change Password feature, for logged-in users to change their own password
The Reset Password feature, for logged-out users to change their password via a token sent to the user's registered email address
Both of these application features utilise the User object methods which enforce password policy.
Policy - Passwords must meet the following criteria
Have a length of at least 7 characters
Have at least one letter
Have at least 1 number
Cannot be the same as the username
When creating a new user
New users are created with no password and are unable to log in
New users must use the Password Reset feature to set their password for the first time
An administrator can trigger a password reset email from the user list
A user can trigger a password reset email from the login page
Administrator users are no longer permitted to set passwords for new users.
Existing Users
If a user logs in with a password that does not meet policy, they are immediately prompted to change their password and cannot proceed until they have done so.
Once logged in, a user can change their password again at any time with the Change Password feature.
Users can also use the Reset Password flow to set their password at any time.
Administrators are no longer permitted to enter new passwords for other users.
Limit Password Attempts
After 10 consecutive incorrect password attempts on the same username, a user account becomes locked and has its password wiped.
The User list screen will show an unlock button next to that user's account.
When the unlock button is used by an Administrator, the account will become unlocked and the user will be sent a password reset email.
Once the user has reset their password, they can then log into their account.
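The policy, forced-change and lockout rules above, sketched as an added example (not the application's own code). The User class, its method names, the PBKDF2 parameters and the case-insensitive username comparison are assumptions made for the illustration.

```python
import hashlib, hmac, os
MIN_LENGTH, MAX_FAILURES = 7, 10  # values stated in the policy above

def policy_violations(username, password):
    """Return the policy rules this password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isalpha() for c in password):
        problems.append("letter")
    if not any(c.isdigit() for c in password):
        problems.append("number")
    if password.lower() == username.lower():  # assumption: case-insensitive
        problems.append("same_as_username")
    return problems

def _kdf(password, salt):  # assumption: PBKDF2-SHA256, 100k iterations
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class User:  # hypothetical model, not the application's real User object
    def __init__(self, username):
        self.username, self.salt, self.digest = username, None, None  # no password yet
        self.failures, self.locked = 0, False

    def _store(self, password):  # raw storage; pre-policy passwords were saved like this
        self.salt = os.urandom(16)
        self.digest = _kdf(password, self.salt)

    def set_password(self, password):  # shared by Change Password and Reset Password
        problems = policy_violations(self.username, password)
        if problems:
            raise ValueError(problems)
        self._store(password)
        self.failures = 0

    def login(self, password):
        if self.locked or self.digest is None:
            return "locked" if self.locked else "denied"
        if not hmac.compare_digest(_kdf(password, self.salt), self.digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:  # lock the account and wipe the password
                self.locked, self.salt, self.digest = True, None, None
                return "locked"
            return "denied"
        self.failures = 0  # a success ends the run of consecutive failures
        return "must_change" if policy_violations(self.username, password) else "ok"

    def unlock(self):  # administrator action; the reset email would be sent here
        self.locked, self.failures = False, 0
```

Because the password is wiped at lockout, unlocking alone does not restore access: login keeps returning "denied" until set_password succeeds with a compliant password.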
User Change Notifications
When the Change Password feature is used, an email is sent to the user's registered email address informing them the password was changed.
When the Reset Password feature is used, an email is sent to the user's registered email address informing them the password was changed.