WEB-540: Added configurable authorization/session timeout period. Orgs can now specify if they want an inactivity timeout of up to 30 minutes
WEB-542: Temporarily lock accounts if user enters a bad password too many times. Also added password complexity validations to registration, forgotten password, set password, and change password forms (8 characters + number).
