Add-ons Password Tools 3.12.2

• Fix internal server error when registering an account without an email address (requires 3rd party addon to trigger)

• Fix server error when a password is very long
• Add "Force two-step verification" permission
  • If enabled for a user, prevents email 2fa from being disabled
• For new installs add a "User has compromised password" user-group, and update the "User-group for compromised passwords" option to use it
• Align defaults with NIST Password Guidelines for 2024
  • Update "New password validation rules" defaults. "Prevent passwords which contain the user's email or username, and the site's domain/name" defaults to true
  • Update "Minimum password length" default to 15

• php 8.4+ compatibility fixes
• Rename option "Password check types" to "New password validation rules"
• Add "On login; consider known-bad passwords as compromised" option (default false)
• Add new password validation rule "Prevent passwords which contain the user's email or username, and the site's domain/name." (default false)