password is the weakest form of authentication on open systems i.e. ones which you have to hand over to monkey grade users.

If you have a reasonable password policy yourself, I very much doubt it will cause you any problems.

I've been attacked by these for 10 years, probably totalling millions of attempts and I have a user name in their databases but due to a sensible password, nothing has got in.

I tend to use PKI and keyboard interactive logins though.