The 3.7 version has brought in more sophisticated password checks but I think this improvement is not going far enough by far. WordPress has had its share of security problems and login break-ins are an issue.
I think the core WordPress code should allow users to enable two-step or two-level authentication that is becoming ubiquitous on the web nowadays.
And no, I don't think plugins are the correct solution. I have tried them before and had issues.