Since we've recently had an account hijacking issue due to password theft, it would seem logical to take steps to prevent future occurances. I've been looking for solutions to that very problem, and thus far the best ones I've come accross are a pair of 3.0.x hacks:
Password Expiration Policies and
Advanced Password Rules. Alone, either is good, but together, they are great. I'd like somebody to port the two hacks as one, while incorperating the usergroup aspect of the first hack to all parts of this (ex: which usergroups update how often, and how secure their passwords must be). Thanks in advance.