oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/

Optionally forbid password login if SSO is enabled and account is linked #263

Open TaaviE opened 3 years ago

TaaviE commented 3 years ago

Describe the solution you'd like: Plugin configuration could contain a checkbox to only allow password-based login if the user isn't attached to an SSO user. This would reduce the chances that someone forgets to update a weak/leaked password in one of the attached WordPress instances, and would not allow bypassing 2FA enforced by the IdP.

Describe alternatives you've considered: There aren't many alternatives besides resetting user passwords to something secure, but users can still reset them back if password resets aren't disabled (which they can't really be).
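What the requested behaviour could look like as a small companion plugin, added here as an example and not code from openid-connect-generic or from either commenter. It assumes that the plugin stores the linked IdP subject in the `openid-connect-generic-subject-identity` user meta key, that a settings checkbox would write a hypothetical `oidc_example_forbid_password_login` option, and that the plugin's own SSO callback does not run WordPress's `authenticate` filter with a password (so the block below only affects the username/password path):

```php
<?php
/**
 * Plugin Name: OIDC Forbid Password Login (example)
 * Description: Added example, not part of openid-connect-generic. Blocks password
 *              login and password resets for WordPress users that are already
 *              linked to an OpenID Connect identity.
 */

// ASSUMPTION: openid-connect-generic records the linked IdP subject under this
// user meta key. Adjust if your installed version uses a different key.
const OIDC_EXAMPLE_SUBJECT_META = 'openid-connect-generic-subject-identity';

// ASSUMPTION: a hypothetical option written by the settings checkbox this issue
// asks for; the plugin itself has no such setting at the time of the issue.
const OIDC_EXAMPLE_OPTION = 'oidc_example_forbid_password_login';

function oidc_example_enforced(): bool {
    return (bool) get_option( OIDC_EXAMPLE_OPTION, false );
}

function oidc_example_user_is_linked( int $user_id ): bool {
    // A non-empty subject identity means this account was linked via SSO.
    return '' !== (string) get_user_meta( $user_id, OIDC_EXAMPLE_SUBJECT_META, true );
}

/**
 * Runs after core's wp_authenticate_username_password (priority 20) has
 * resolved the credentials. If a password was supplied and the resolved
 * account is linked to the IdP, refuse the login with a WP_Error, which
 * wp_authenticate() returns to the login form.
 */
function oidc_example_block_password_login( $user, $username, $password ) {
    if ( ! oidc_example_enforced() || ! ( $user instanceof WP_User ) ) {
        return $user;
    }
    if ( '' === (string) $password ) {
        return $user; // not a password login (e.g. existing auth cookie)
    }
    if ( oidc_example_user_is_linked( $user->ID ) ) {
        return new WP_Error(
            'oidc_example_sso_required',
            __( 'This account uses single sign-on. Please log in through your identity provider.' )
        );
    }
    return $user;
}
add_filter( 'authenticate', 'oidc_example_block_password_login', 40, 3 );

/**
 * Refuse password resets for linked users; otherwise a reset email would
 * re-open the password path the authenticate filter just closed.
 * Core's get_password_reset_key() returns this WP_Error to the caller.
 */
function oidc_example_block_password_reset( $allow, $user_id ) {
    if ( oidc_example_enforced() && oidc_example_user_is_linked( (int) $user_id ) ) {
        return new WP_Error(
            'oidc_example_sso_required',
            __( 'Password reset is disabled for SSO-linked accounts.' )
        );
    }
    return $allow;
}
add_filter( 'allow_password_reset', 'oidc_example_block_password_reset', 10, 2 );

// Hide the password fields on the profile page for linked users. This is
// cosmetic; the two filters above are what actually enforce the policy.
add_filter( 'show_password_fields', function ( $show, $profile_user ) {
    if ( oidc_example_enforced() && oidc_example_user_is_linked( (int) $profile_user->ID ) ) {
        return false;
    }
    return $show;
}, 10, 2 );
```

Two points to check before deploying something like this: application passwords used for REST and XML-RPC also pass through `authenticate` with a non-empty password, so linked users lose those too unless the filter exempts that case explicitly; and the policy is only as good as the linkage, so an admin should not be able to unlink an account from the profile screen without the same reset-password protections applying.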

Cromian commented 2 years ago

@timnolte, question: what kind of work would be needed to get this done? I have this need. Happy to take a jab at it, but I just need some direction.