When you are defining requirements for the management of application access, your organization has decided upon username and password as the desired authentication mechanism, and the solution will use its own authentication process as opposed to a third-party component such as Active Directory for managing user access.
User Story AC-1 A user can create an account to gain access to the application.
User Story LI-1 A registered user can log in with username and password to access the application.
User Story LO-1 A logged in user can log out to prevent unauthorized use of their account.
User Story PWR-1 A registered user who forgot their password can set up a new password.
User Story PWC-1 A logged in user can change their password to keep their account protected against unauthorized access.
User Story LOC-1 User is locked out after 4 unsuccessful attempts to log in with the same email address.
Stop wasting time and energy and gain time to dedicate to core business requirements. Purchase the full list of user stories and accompanying acceptance criteria for User Authentication that you can easily modify to fit your project needs.