One of the roles I use to do was PC support for a mid size insurance company – as the new IBM PS/2 pc’s were being rolled, out one of the things that was new was that they had a hardware or boot password. I was called to look at a problem with Word Perfect (and does that date me!). On a sticky note on the PC was “the password is whatever”.
This was in the early 90’s and cyber security was no where where it is today as a top of mind issues, but it does illustrate the issue that just a password alone is not that secure.
Can you both improve security and simplify the user experience ?