From 8139f68b1bee525fac6e3e136d5b0f9e69f411f9 Mon Sep 17 00:00:00 2001
From: Chris Thompson <chris@agaric.com>
Date: Tue, 1 Oct 2019 01:06:35 -0400
Subject: [PATCH] Add Password Policy module

OK, so I guess I wasn't quite done. The Password Policy module seems reasonable to me. I've perused the code a bit... They aren't doing anything to invalidate passwords/force reset via Drupal - it implements it itself with a check with event subscriber (KernelEvents::REQUEST) the value of a new user field it adds (field_password_expiration). It also stores a last changed date, and expires users via cron. How it hooks the user modification form I didn't quite grep. Anyway - so far as I can be trusted to approve a module :check:

Project: https://www.drupal.org/project/password_policy
Source: https://git.drupalcode.org/project/password_policy (note shows a 7.x branch default)
Blog: https://opensenselabs.com/blog/tech/drupal-password-policy-module
---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index 5b6ab5b..00b0c2e 100644
--- a/composer.json
+++ b/composer.json
@@ -34,6 +34,7 @@
         "drupal/migrate_tools": "^4.1",
         "drupal/migrate_upgrade": "^3",
         "drupal/noreferrer": "^1.7",
+        "drupal/password_policy": "^3.0",
         "drupal/scn": "^1.1",
         "drupal/twigsuggest": "dev-8.x-1.x as 1.x-dev",
         "drupal/webform": "^5.4",