Actually, in my case it was requiring. That’s what was frustrating.
WordPress would not let me use a weak password. I’ve also tested passwords that are very complex containing both numbers, upper and lower case letters, symbols, and over 20 characters long, and WordPress thought these were “very weak”. The verification logic is definitely flawed. I can show you examples of *ridiculously* strong passwords that WordPress thought were weak.
The article you referenced is referring to using one sequential character, which is not what I’m talking about. Good point about “snipe” type vulnerability, but you would have to be very good to guess my password example watching me type it at 80 WPM.
In my case, all my WordPress sites limit login attempts so requiring overly complex passwords doesn’t help anything.
If a password is too complex to remember, you have to type it or store it somewhere so you can remember what it is. In my opinion, that’s MORE of a vulnerability than having a password that’s complex but uses some sequential “padding” so that it’s easier to remember.
