Users changing their password to something weak is one of the most vulnerable aspects of a WordPress installation. Using WP User you can force to user set strong passwords.
Go to Dashboard->WP User ->Security
1) Click on ‘Enable ‘ check box and set validation message and regular expression.
2) Click on ‘Update’ for Save setting