Managing Password Policies
If you are a System Administrator you can set your organization's password policies from Admin > Configuration > Password Policies.

You can use the system defaults:

System Default set rules for:
Minimum length
Types of characters
Expiry period
times an incorrect password can be set before login the user will need to reset their password
Or you can set custom policies for:
Minimum length
Expiry period
Number of times an incorrect password can be tried before the user will need to reset their password
When you create a user login, the user will be asked to reset their password when they login.
Guidance on passwords:
Longer passwords are more secure
Password should be a mix of uppercase, lowercase, numbers, and symbols
Password should be different from the passwords you use to log into other accounts, like your email or bank account
Use a password manager to generate long/random passwords
Do not use common dictionary words or phrases. Be creative and thoughtful with your password choice - it adds an extra layer of security to your account from the start
Your password should not be your email, phone number or birthday
Avoid using common words, like “Password”