I wonder if there are any plans to strengthen authentication security, without delegated authentication, by developing functions like the following.
1. Maximum password attempts:
The maximum number of invalid password attempts before the authenticating account is disabled.
2. Days until password expiry:
The number of days until the password must be changed.
You may want to consider implementing a SAML SSO integration with an existing service like Azure AD, Okta, or something of that sort as an alternative. This will give you the most robust authentication controls.
Also, as an FYI, NIST changed their guidance back in 2017 to suggest that passwords should not be changed periodically, as this decreases the effective security of the authentication. They should only be changed if there are indications that a password has been compromised. You can find info on this here: Digital Identity Guidelines: Authentication and Lifecycle Management (nist.gov). What they do suggest is that, when passwords are set, they be checked against lists of known compromised or weak passwords, which is another thing that SSO integration with an authentication service like Azure AD or Okta will address, as well as MFA and other similar controls.