When setting the password. Additionally we need to clearly present whether password strength requirements are met (and which).
We should also add minimum security index as additional possible requirement in password configuration.
Solving this ticket will require quite a lot of work as password quality checking must not contradict credential settings. At the same time it must be independent in that sense that even if a weak password is allowed by a policy it should still be marked as weak.