We have a secondary address book that we use to authenticate Web only users to a Domino Application. We would like to apply best security practices with the next update of our application. These would include password expiration, password strength (specific length and character requirements IAW Corp. policies), last login, enforcing dormancy after 90 days, automated reset requests and any other user name and password related functions that a "REAL" internet site would have. Domino seems to lack the ability to project the high security to internet only users that is a basic entry qualification for the internet these days. Please show me how wrong I am.