Use a strong password you don’t reuse.
We’ll wire this to your auth actions with server-side validation.