I'm questioning the same thing sir, and I'm still researching about it though. Thing I know for sure is that Twitter still let the user using a very common password that often led into Identification and Authentication Failures (CWE-521 Weak Password Requirements). Perhaps having discussion on password policy would be a good idea.

Thanks for the response, it will be great if we could discuss more about the topic.