Define password strength requirements and scoring levels for password strength indicator
As a developer,
I want to research and define clear requirements and scoring logic for password strength
so that the Password Strength Indicator accurately represents password security levels
according to modern best practices.
Description
The current Password Strength Indicator produces misleading results (e.g. 12345678910111213 is rated high strength).
This task involves:
- Researching and defining best-practice requirements for a "strong" password (based on NIST, OWASP, and other reputable sources).
- Creating a Markdown table of password requirements with examples and a column for team approval.
- Defining five password strength levels (0–4) with score meaning and calculation method, also as a Markdown table.
- Posting both tables as a comment, tagging PM and team members for discussion and approval.
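To make the "calculation method" concrete, here is an added example of a guess-count-based scorer, written for this ticket and not taken from the project's code. It maps an estimated number of attacker guesses onto the 0–4 scale and shows why the misleading case from the description (a counting sequence of digits) should land at the low end. Assumptions: the score thresholds and level labels follow the zxcvbn scale, the denylist and the pattern guess estimates are constructed placeholders, the minimum length of 8 follows NIST SP 800-63B, and the minimum acceptable level of 3 stands in for whatever the team agrees on.

```python
import re

# Added example, not the project's own code. Score n is reached once the estimated
# guess count is at or above GUESS_THRESHOLDS[n-1]; the thresholds follow the zxcvbn scale.
GUESS_THRESHOLDS = (1e3, 1e6, 1e8, 1e10)

# Level labels (assumption, modelled on zxcvbn; the approved table may word these differently).
LEVEL_LABELS = {
    0: "too guessable: risky password",
    1: "very guessable: protection from throttled online attacks only",
    2: "somewhat guessable: protection from unthrottled online attacks",
    3: "safely unguessable: moderate protection from offline slow-hash attacks",
    4: "very unguessable: strong protection from offline slow-hash attacks",
}

MIN_LENGTH = 8            # NIST SP 800-63B minimum for user-chosen memorised secrets
MIN_ACCEPTABLE_SCORE = 3  # assumption; the "Min level?" question is for the team to settle

# Constructed denylist; a real indicator would load a breached-password corpus instead.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein", "iloveyou", "admin"}


def is_counting_sequence(pw: str) -> bool:
    """True if pw is consecutive integers written back to back, e.g. '12345678910111213'."""
    if not pw.isdigit():
        return False
    for start in range(0, 100):
        built, n = "", start
        while len(built) < len(pw):
            built += str(n)
            n += 1
        if built == pw:
            return True
    return False


def is_char_run(pw: str) -> bool:
    """True for runs where every step is the same +1, 0 or -1 ('abcdefgh', 'aaaaaaaa', '987654321')."""
    if len(pw) < 2:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(diffs) == 1 and diffs <= {-1, 0, 1}


def charset_size(pw: str) -> int:
    """Size of the smallest standard alphabet that covers every character class used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def estimate_guesses(pw: str) -> float:
    """Rough number of guesses a pattern-aware attacker needs (constructed estimates)."""
    if pw.lower() in COMMON_PASSWORDS:
        return 1e2  # among the very first dictionary guesses
    if is_counting_sequence(pw) or is_char_run(pw):
        return 1e4  # ~100 start points x ~100 lengths enumerated by a pattern matcher
    # Fall back to the brute-force space; a naive indicator stops here, which is
    # exactly why it rates '12345678910111213' as strong.
    return float(charset_size(pw)) ** len(pw)


def score(pw: str) -> int:
    """Map estimated guesses onto the 0-4 scale; too-short passwords never exceed level 1."""
    guesses = estimate_guesses(pw)
    level = sum(1 for threshold in GUESS_THRESHOLDS if guesses >= threshold)
    if len(pw) < MIN_LENGTH:
        level = min(level, 1)
    return level


def is_acceptable(pw: str) -> bool:
    return score(pw) >= MIN_ACCEPTABLE_SCORE


def describe(pw: str) -> str:
    level = score(pw)
    return f"{pw!r}: score {level} ({LEVEL_LABELS[level]}), est. guesses {estimate_guesses(pw):.3g}"


if __name__ == "__main__":
    # Constructed sample inputs, including the misleading case from the ticket description.
    for sample in ["12345678910111213", "password", "abcdefgh", "Xk9#",
                   "Tr0ub4dor&3", "correct horse battery staple"]:
        print(describe(sample))
```

The point of the structure is that the pattern checks run before the brute-force estimate: any scorer that only counts character classes and length will always overrate a long counting sequence, whereas estimating guesses per detected pattern keeps the score honest and gives the "Est. Guesses" column of the strength-level table a concrete meaning.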
Acceptance Criteria
- Research completed using best-practice guidelines (NIST SP 800-63B, OWASP Cheat Sheet Series, etc.).
- Markdown table with password requirements created: | Requirement | Description | Example (Good) | Example (Bad) | Include? (Y/N/Discuss) |
- Markdown table with password strength levels created: | Score | Description | Protection Level | Est. Guesses | (+ Min level?)
- Both tables added as a comment.
- PM and team tagged for feedback and approval.
- Agreement reached on which rules and scoring levels will be implemented in the next step.
- Once the tables are approved by the team/PM, add them to the Guidebook.
Edited by Eugene E.