Let users have different passwords for web logins and mobile logins.
Why? Because in my desktop browser I can use a password manager to store strong passwords. In your proprietary mobile app, I will (almost certainly) have to type the password in manually, and on a tiny keyboard, which makes it almost impossible to use a strong password in that context. Also, it's actually not necessary to use a strong password in a mobile app because you can use the device identifier as an additional security factor.
And for the love of God, don't deliberately undermine the use of password managers by disabling autofill in your login forms. (I'm looking at you, Citibank!)