I agree with gsachs. I have many sites where I'm limited to a 4-digit password (PIN). I'd prefer the option to enter a stronger password, but no such option is offered.
Rather than just complain about continually being shown these vulnerabilities, here are some options I'd suggest.
Add another "advanced" setting that allows a user to bypass these warning. Perhaps force user to drill down several warnings.
Let the user disable the warning, but only for a set period of time; i.e. 30, 60, 90 days, etc.
Let the user assign a tag (like there is for 2FA) to disable the warning.
You are all smart folks, I'm sure you can do something to fix this.
Jerry
