The Account Passwort Complexity Policy is very weak, even “12345678”, or “password” are allowed to use as password And since there is no MFA, following Futures would help a lot to have better security and if necessary for the customer, compliance with regulations and standards:
- a password policy which is compliant with best practices and/or give the Company Admins the option to create their own password policy
- create a password blacklist to block people give easy or exposed passwords such as 12345678 for their accounts