How to make the password policy stricter?

Written by Анатолій
Updated 4 days ago

There are a lot of password policy and session policy options:

  1. Minimum password length. The password must contain at least the specified number of characters. To make this parameter stricter, use a value greater than or equal to the default 'min-length' value in the configuration

  2. Maximum password length. The password must contain no more than the specified number of characters. To make this setting stricter, use a value less than or equal to the default 'max-length' value in the configuration

  3. Require capital letters. This means that the password must contain at least N capital letters, where N is the value of 'uppercase' in the configuration. To make the password stronger, use a value greater than or equal to the value in the configuration. But do not use a number of characters greater than the maximum available password length

  4. Require lowercase letters. This means that the password must contain at least N lowercase letters, where N is the value of 'lowercase' in the configuration. To make the password stronger, use a value greater than or equal to the value in the configuration. But do not use a number of characters greater than the maximum available password length

  5. Require a numeric value. This means that the password must contain at least N numeric characters, where N is the value of 'digit' in the configuration. To make it stronger, use a value greater than or equal to the value in the configuration. But do not use a number of characters greater than the maximum available password length

  6. Require at least one special character. This means that the password must contain at least N special characters, where N is the value of 'special character' in the configuration. To make the password stronger, use a value greater than or equal to the value in the configuration. But do not use a number of characters greater than the maximum available password length

  7. Do not allow repetition. This means that the password should not contain repeating characters. That is, if 'Don’t allow repeat' is set to 3 in the configuration, you cannot use three repeating characters ('111', 'aaa', etc.). To make this setting stricter, use a value for 'repeating character' that is smaller than or equal to the one in the configuration

  8. Allow spaces in the password. This option allows or disallows spaces in the password

  9. Do not allow the use of forbidden passwords. Allows or disallows the use of forbidden passwords

  10. Do not allow the use of forbidden words. Allows or disallows the use of forbidden words in the password

  11. Enable password expiration. This option controls the expiration of the password. If you want to set stricter rules, set the value to less than the 'expiration-days' value in the configuration 

  12. Send password expiration notifications. This option sets the number of days for notifying you that your password expires. To make it stricter, set 'notify-before-days' to a value less than the one in the configuration

  13. Do not allow the reuse of passwords. This option sets the period during which a password cannot be reused. To make it stricter, set ‘prevent-reuse-months’ to a value greater than the one in the configuration

  14. Do not allow the reuse of recent passwords. This option sets the number of previous passwords that cannot be reused. To make it stricter, set ‘prevent-reuse-count’ to a value greater than the one in the configuration.
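
The direction rules from the list above can be checked mechanically before a stricter policy is saved. The following is an added example, not code from the product: it assumes the configured and proposed policies are available as plain dictionaries keyed by the option names quoted above, and all numeric values are constructed. It also goes slightly beyond the list by rejecting policies that no password could satisfy (combined required character counts above 'max-length', or 'min-length' above 'max-length').

```python
# Direction in which each option becomes stricter, as stated in the list above:
# "ge" = proposed value must be >= the configured one, "le" = must be <= it.
STRICTER = {
    "min-length": "ge", "max-length": "le",
    "uppercase": "ge", "lowercase": "ge", "digit": "ge", "special character": "ge",
    "repeating character": "le",
    "expiration-days": "le", "notify-before-days": "le",
    "prevent-reuse-months": "ge", "prevent-reuse-count": "ge",
}
CLASS_KEYS = ("uppercase", "lowercase", "digit", "special character")


def check_policy(configured, proposed):
    """Return a list of problems. An empty list means `proposed` is not weaker
    than `configured` and can still be satisfied by some password."""
    problems = []
    for key, direction in STRICTER.items():
        if key not in proposed or key not in configured:
            continue  # option not overridden: the configured value applies
        new, base = proposed[key], configured[key]
        weaker = new < base if direction == "ge" else new > base
        if weaker:
            bound = "at least" if direction == "ge" else "at most"
            problems.append(f"{key}: {new} is weaker than configured; use {bound} {base}")
    # Consistency of the resulting policy (configured values plus overrides).
    effective = {**configured, **proposed}
    max_len = effective.get("max-length")
    if max_len is not None:
        required = sum(effective.get(k, 0) for k in CLASS_KEYS)
        if required > max_len:
            problems.append(f"required characters ({required}) exceed max-length ({max_len})")
        if effective.get("min-length", 0) > max_len:
            problems.append(f"min-length ({effective['min-length']}) exceeds max-length ({max_len})")
    return problems


# Constructed sample values, not the defaults of any real product.
CONFIGURED = {
    "min-length": 8, "max-length": 64,
    "uppercase": 1, "lowercase": 1, "digit": 1, "special character": 1,
    "repeating character": 3, "expiration-days": 90, "notify-before-days": 14,
    "prevent-reuse-months": 6, "prevent-reuse-count": 5,
}

if __name__ == "__main__":
    proposed = {"min-length": 12, "expiration-days": 180, "prevent-reuse-count": 3}
    for problem in check_policy(CONFIGURED, proposed):
        print(problem)
```
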
