With that, the site gives away whether the account has a low entropy password or not.
Or just generate secure high-entropy passwords and force users to use them.
Making users look up SMS codes before each login is acceptable. Making them solve obnoxious, long, privacy-hostile riddles is acceptable. But forcing them to use pre-generated secure passwords?! That can't possibly work. They will revolt!
Sure, why not? Way more than half of passwords are low-entropy, so that doesn't meaningfully help them focus attacks.
And they still have to keep solving captchas to make those attempts.