Hi!
I would be good to run a password strength checker at login time as well, as the software should, for a brief moment, have a copy of the plaintext password that can be scanned, before it hashes it for checking and forgets the plaintext.
Another measure may be to have a bot that scans the accounts periodically (maybe for starters only on admin, etc. high privilege accounts) and alerts on weakly-passworded ones? We know bad (or at least greyhat) guys do that, so maybe to prevent it we should try using the same approach?