The error message "Invalid username or password" is a bit confusing if a user tries to login with a correct username and password.
It would also be nice to configure a different expiration time for the "Authentication" process.
I totally understand why the password change process has to be finished in a given time, but I think it should be possible to login at any time. (So I can get a coffee before I enter my credentials...)
Maybe it's even possible to exclude the "Authentication" process from the time validation like that:
It would be very nice if this feature could be implemented for the version 1.1.0 Final.