There was a recent post about this on security.se which I can’t find right now, basically OP received an email from a site they had an account on, and the email said that the site brute-forced the password and was able to pick it very quickly. Poster asked if they were safe and what was going on. I’ve seen similar posts on reddit and very often people get confused by these emails.
Do you think this “you have a very weak password” warning notification/email is something we should do?
If so, how should we explain it to users that their account it safe and wasn’t hacked or something, as apparently many users get scared of similar notifications?