Now you can manage password policies at profile level in salesforce
In winter’15 release salesforce has provided this feature to mange password policies like password expire in, history, length, complexity requirement, maximum invalid login attempts and lockout effective period at profile level. Earlier this option is available at organization level. Now with this winter’15 release this option is available at profile level also.
Until you set the password policies on profile, the organization policies will apply to users. Once you set the password policies at profile level, it will override organization changes. After setting password policies at profile level, if you change these settings at org – level, it won’t impact. profile settings will only apply when set these settings at profile level.
How we can set this at organization level
To find these settings at organization level, go to Settings -> Administer -> Under security controls you will find this option. see the below screen to understand.
To find these settings at profile level, go to settings -> Administer -> Manage users -> profiles -> Select the profile you want to change and edit the profile to change these settings. see the below screen for reference.
This option is available in Enterprise, performance, Unlimited and Developer editions. Need below User permissions required to edit session & password settings in profiles.
Manage permission sets & PROFILES and manage password policies.