By default, Identity requires that passwords contain an uppercase character, lowercase character, a digit, and an alphanumeric character. There are also some other restrictions. If you want to simplify password restrictions, you can do that in the `Startup` class of your application.
`CookieAuthenticationOptions` has the following properties:
*`Cookie.Name`: The name of the cookie. Defaults to .AspNetCore.Cookies.
*`Cookie.HttpOnly`: When true, the cookie is not accessible from client-side scripts. Defaults to true.
*`ExpireTimeSpan`: Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created. Defaults to 14 days.
*`LoginPath`: When a user is unauthorized, they will be redirected to this path to login. Defaults to /Account/Login.
*`LogoutPath`: When a user is logged out, they will be redirected to this path. Defaults to /Account/Logout.
*`AccessDeniedPath`: When a user fails an authorization check, they will be redirected to this path. Defaults to /Account/AccessDenied.
*`SlidingExpiration`: When true, a new cookie will be issued with a new expiration time when the current cookie is more than halfway through the expiration window. Defaults to true.
*`ReturnUrlParameter`: The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware when a 401 Unauthorized status code is changed to a 302 redirect onto the login path.
*`AuthenticationScheme`: This is only relevant for ASP.NET Core 1.x. The logical name for a particular authentication scheme.
*`AutomaticAuthenticate`: This flag is only relevant for ASP.NET Core 1.x. When true, cookie authentication should run on every request and attempt to validate and reconstruct any serialized principal it created.