You can enforce a minimum password length and lock a user account after invalid logon attempts when using form-based authentication. Refer to Configure Form-Based Authentication Method for more information on defining these in the authentication method settings.
To reset a user password, refer to Accessing The Management Center.