# Built-in policies

## Low-Level Password Policy

This policy sets the foundational security requirements for passwords:

* **Minimum Length:** Passwords must be at least five characters long.
* **Attempt Limit:** The account will be locked after 10 unsuccessful login attempts.
* **Uniqueness:** Passwords must not be the same as the user's email address.

## **Medium-Level Password Policy**

This policy outlines additional security measures to enhance password protection:

* Minimum Length: Passwords must be at least six characters.
* Complexity:
  * Must include at least one number.
  * Must contain at least one non-alphanumeric character (e.g., !, @, #).
* Case Sensitivity: Passwords must consist of letters in mixed case.
* Attempt Limit: The account will be locked after 10 unsuccessful login attempts.
* Uniqueness: Passwords must not be the same as the user's email address.

## High-Level Password Policy

This policy stipulates advanced security criteria to ensure robust password protection:

* **Minimum Length:** Passwords must be at least six characters long.
* **Complexity Requirements:**
  * Must include at least one number.
  * Must contain at least one non-alphanumeric character (e.g., !, @, #).
* **Case Sensitivity:** Passwords must consist of letters in mixed case.
* **Expiration:** Passwords expire after 90 days.
* **Attempt Limit:** The account will be locked after 10 unsuccessful login attempts.
* **Uniqueness:** Passwords must not be the same as the user's email address.