similar to #13070 (show a strength meter in the browser)
At the moment the only limitations for Passwords in Matomo is that it needs to be from 6 to 200 characters long.
But for organizations who have many employees it might be useful to disallow really weak passwords (123456).
Maybe for the beginning it would be enough to make the
PASSWORD_MIN_LENGTH configurable (to avoid having overly complex password rules that force people to write down their passwords)
In addition it may be an idea for an plugin that checks all password hashes against https://haveibeenpwned.com/Passwords and disallows ones that are over a set threshold to avoid trivial passwords.
It turns out that thanks to the existing event, adding a haveibeenpwned-integration is really easy:
@Findus23 like discussed in #14295 I've created new plugin that is available on marketplace: https://github.com/simivar/matomo-password-policy-enforcer
I think with my plugin using haveibeenpwned and @simivar's plugin with common rules and the possibility to easily write a plugin that enforces any arbitrary rule, this should be solved.