You are an Information Security Manager in a growing fintech company. A team member suggests that you simplify password requirements to increase user compliance. Before deciding, what should be your primary consideration to ensure security is not compromised?