When admin is resetting all users password are the users getting
notified about the password reset? I read that with some “Emergency
password reset” plugin it is available, but is it a built in feature
in WordPress or no.
WordPress doesn’t have an option to reset all users passwords, so it would depend on the plugin you use.
When user changes his/her password, the user shouldn’t be able to use
the last password again. Is there a builtin functionality in WordPress
for this or a external plugin?
Why would they even be able to? No of course users can’t use previous passwords. User’s can’t log in with old passwords, but there’s nothing in WordPress core preventing users from re-using old passwords.
Is it possible to force users for certain password patterns. For ex.
not allowing users to use more than 2 same letter straight in a row
and force in symbols, number and lower and uppercase letters.
Not out of the box, but a plugin might be able to do this. I haven’t seen any though. All I’ve seen are plugins that let you require a minimum strength as already measured by WordPress, but not specific patterns or minimum types of characters etc.
When Admin adds a new user the new user gets and email for creating
his/her self a password. Is it possible to make the password
generation link to expire after 24/48h?
It already expires after 24 hours. This can be changed with the password_reset_expiration
filter.