Client would like to limit how often a users password can be changed. Currently you can change your password more than once a day using the password reset link. This is an audit concern for the client.  They want to be able to limit it to once a day.