Password Policies settings specify password requirements, and can be used to customize how passwords are used.
Setup > Manager Users > Profiles (Select a profile) Custom Sales Profile
System > Password Policies
Password Policies > Edit
User password expire in: Set the number of days. After 90 days the password will expire.
Enforce password history: 3 passwords remembered. You can’t use the last 3 passwords.
Minimum password length: 5, 8 10 and 12 minimum characters required for the password.
Password complexity requirement: The requirement for which types of characters must be used in a user’s password.
Password question requirement: Answer to the password hint question cannot contain the password itself; or none.
Maximum invalid login attempts: How many times you can try invalid attempts before getting locked out.
Lockout effective period: The duration of the login lockout. The default is 15 minutes.
Obscure secret answer for password resets: Hides answer for the security question when you type.
Require a minimum 1 day password lifetime: When enabled passwords can’t be changed more than once in a 24 hour period.