Comment 3 for bug 31969

This should not be implemented at login time. That could cause a user to be locked out. This should be implemented durung a password change. Of course, root can and always should be able to avoid such restrictions.