There needs to be some way to enforce user passwords to meet some minimum complexity requirements. At the moment there doesn't seem to be any way to do this other then by using an external LDAP authenticator. Unfortunately jira does not seem to be able to allow users to change their passwords on the external LDAP system.

Another feature would be the ability to expire user passwords after a given time requireing them to enter a new one.