I have 3 users roles on my platform with no access to the WordPress backoffice “external_user1” , “external_user2”, “external_user3”.
I need to force every user with one of this roles to change his password at the first login. by the way i use the WordPress login form.
At this time, he enters again the ID and a reset mail is send to the user.
When the user click to the mail link he is redirected to reset page. and when he tries to change the password i need him to type on the keyboard the old one. after that he can access.
And the last one is about password policy :
8 characters with at last 1 uppercase 1 lowercase 1 Number 1 special character