Brute Force Login security protection is essential and effective.
BPS and BPS Pro do not have a password policy enforcement feature. I believe there are some other WordPress plugins that offer that. We assume that anyone who uses BPS or BPS Pro cares about website security and creates strong passwords. Over the past 8+ years no one has mentioned to us that their WordPress login passwords were cracked/hacked/guessed. WP Administrator, Editor, Author and Contributor user accounts should be using strong passwords. Subscriber user accounts on the other hand don’t really need strong passwords since Subscribers don’t have access to the WP Admin backend.