For control systems utilizing password-based authentication, the control system shall provide the capability to enforce configurable password strength based on minimum length and variety of character types. Additionally, control systems shall prevent password reuse for a configurable number of generations and enforce minimum and maximum password lifetime restrictions.