As someone who reads hackernews and works on security systems, yes, absolutely. Run their passwords through haveibeenpwned and disallow anything that shows up.
Based on the feedback I hear from my non-tech friends and family, not allowing them to use their single password used for everything would be a good way to exclude those folks from using whatever service you're trying to sell them.
I was being argumentative there, I think the email-based auth is probably right for a site like this. Force complex passwords and people will often just do a reset every time anyway.
Based on the feedback I hear from my non-tech friends and family, not allowing them to use their single password used for everything would be a good way to exclude those folks from using whatever service you're trying to sell them.