It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: wxiaoguang <[email protected]>