This is intentional to prevent accounts from being compromised and is not a bug. That user might have used a weak password (like 123456 or TotallySecurePassword).
Maybe suggest them to use a more secure password? A good option for a secure password generator is this which generates memorable secure passwords.
