I am requesting configurable policies enforcing password complexity and expiration within MAAS accounts.
This is a standard requirement for enterprise software and I am surprised that it does not already exist.
This should exist for API keys as well, but at least API keys track when the key was created which gives me a way to manually check how old a key is.