(The idea below is based on an idea raised on hewiki WP:VP.)
Many websites have regular security checkups that remind users to verify their preferences, e.g. something like: "Is your password strong enough? If you lose your password, would you be able to recover it? Did you verify your email? Is your email still valid? Would you like to enable two-factor authentication?"
This is especially important for the following scenarios:
- New users register and forget to fill in or verify their email. Shortly afterwards, they forget their password and need to create a new account. If they decided not to fill in an email, they should be aware that it isn't possible to recover the password (so they should either fill it in or back up their password).
- Users set an easy password on first signup (when the potential damage of the password being lost or stolen is small), and as they become more trusted and gain more user rights, they are not aware of the importance of replacing it with a strong password.
I suggest showing such a reminder at the following milestones:
- Shortly after a user registers (1 edit? 10th edit? 4 days, on auto-promotion to auto-confirmed?)
- Whenever a user's rights change (getting more rights => more potential damage)