Most security paradigms look somewhat to complexity in password strength. When deploying my 10.7.1 enterprise I was shocked that only a minimal set of characters is allowed in password security: 0-9,a-z, A-Z and dot (.) This is a minuscule data set in today's security environment and, while on the topic, why are worldwide users limited to the US character set?
Security of ESRI product passwords need to be brought up to NIST and other worldwide standards. https://pages.nist.gov/800-63-3/sp800-63b.html
Respectfully,
Tom