Currently when setting "Password Protection" on a staging server, the username field has a restriction of "Only lowercase alphanumeric characters are allowed", and the password field has a series of requirements for a strong password.

I am all for password strength in most cases, but in the case of htpasswd protection, I think people have a variety of use cases. For instance you may want to only provide reasonable protection on a staging server to keep search engines, and bots out, etc etc. And often times you share staging with a client.

It would be nice to be able to use whatever combination of user/pass is appropriate for your client needs.