The fact that Admin Users and Front End Users are not required to at least meet some kind of minimum strength for their login credentials is a huge security risk. This needs to be mandatory! Even if an administrator creates a secure password, the user can then go and change it to something as easy as 123. Literally!
This is listed as "Released". Has it been released? If so, how can you access it?