Comment 4 for bug 1979570

One thing I would be curious to have handy in this discussion is feedback from community institutions about their external requirements (from governing bodies, local regulations, etc..) and wishlists for password security. I'm all for more security but do worry this could turn into Whack-A-Mole as institutions go "but we have to do X".