So this is quite annoying:

• We don't give the user clear instructions how the password should come into compliance, instead forcing a trial-and-error flow
• Makes it hard to quickly set up a Coder deployment for testing
• The warning only updates on submit... it should update in real time. These entropy checks are not expensive?

Since this is a product directed towards a technical audience I would much prefer we make this entropy check a warning and not block sign up. Deployments with hefty security requirements should use SSO and not built in auth anyways.