There should be an option to enforce complex password for users, better still disallow simple password totally.
I just found out an user reset the provided password to "12345", and there is no way to stop that. It's just a matter of time before the account is hacked and data be stolen or deleted.
This feature, being able to requiring longer and more complex passwords, is now available for customers on Pro, Corporate and Plus plans!
Details can be found in our "Live App Security Settings: Passwords" article. Functionality includes options to require:
Other options include setting a password to expire every 60 days and not allowing the last 3 passwords to be re-used.