If you intend to allow self registration of users, then management of passwords could easily become a major headache.
This component shows examples of how to check password strength and a simple way to check password expiration (without timers) and redirect users to a place to change their password. It uses Regex and other typical reusable logic to handle this and have a user-friendly approach that is expected of an application.
Update: Includes a component as a public web block to drag and drop onto a page. Also includes public actions to Get and/or set the required password strength. Another feature includes an extension entity on Users to set and check for password expiration based on a site property value.