Do we have a default password policy applicable to all Vault customers for userpass authentication mechanism? Or can it be customised by the individual organizations?
The documentation does not indicate you can setup a password policy for the userpass auth method, as far as I’ve been able to find.
The userpass auth method seems to be primarily targeted at smaller use cases, perhaps mostly around testing out the product.
If you need more control around password policies, MFA, and the like for human interactive logins, I’d suggest looking into an OIDC Provider and configuring Vault to use that for authentication.