During sign-in, the password criteria are quite strict, and out of line with what you'd expect in a modern tool.
- Contains one special character (!@#$%)
- Between 8 and 71 characters
- Contains both upper and lower case letters
- Contains one digit
- Does not contain more than 2 identical characters in a row (aaa)
I would suggest to remove rules 1, 3, 4 and (probably) 5, and simply raise rule 2 to 10 or 12 chars minimum.
It's not a huge issue, but this kind of thin just adds yet another layer of friction into signing up - especially for users who use a password manager that auto-generates a long password, that is already more than secure enough.
Some reasonable info at the section "Do not use complexity requirements" at this page