Additional User Login Security

@moe Until SSO can be implemented can you implement the following:

Failed Logins : Lockout after 3 failed attempts within a 15 time period, lockout for 15 minutes after the failed attempts, sends user an email when they’ve been locked out
Options: Allow user to request password to reset account, send user an email no lockout

Force Reset user passwords after x days