You might want to start here https://codex.wordpress.org/Customizing_the_Login_Form which discusses customizing the login form, and has info on the code file used therein.
You will need to ‘hook’ into the login form using available hooks (also detailed at the above link).
Also, my comment above: “Password history rules imply that you will need to save previous passwords. There are security risks in that; you don’t want to store user/pass credentials in plain text in any database. So good encryption of that info (in a secure database) will be important from a security standpoint.”