Add pwnedpassword password validation
You could add an optional validation of the given password against the pwnedpasswords.com API, so a BE user can not set a password, that has been part of a data breach.
I added this service to my extension to change FE User passwords.
Code example can be found here: https://github.com/derhansen/fe_change_pwd/blob/master/Classes/Service/PwnedPasswordsService.php