Sounds like what you want is tracing. OpenTelemetry is the de facto standard for that. Couple it with aggressive sampling (here’s a great talk on it https://www.usenix.org/conference/srecon24americas/presentation/cruz ) and you’ll have a very efficient way of identifying use patterns.
Before password composition rules, those were actually quite common, as well as passwords that were just the same as the username. Heck, it wasn’t that long ago that router manufacturers used to ship with admin/admin as the default credentials.