Hi @jsnrkd,
I can certainly suggest that as a development request, although I can’t guarantee suggestions will be added to the product after internal discussion.
Whilst WordPress itself can check password strength on creation and Wordfence can enforce it, we also have optional checks for identifying particularly weak passwords, or ones found in breaches. 2FA is probably the best protection (especially with higher-level roles that can make site changes) to mitigate issues with the password itself, just in case it’s either been reused on your site from an earlier time, or another account the user has elsewhere.
Thanks,
Peter.
