Many users register with a common password ("password", "letmein", "1234567", etc.) or a guessable one (for example, one that contains their username). This enhancement stops users from choosing passwords that appear on a list of known guessable values, and also ensures a user cannot reuse their username as their password.
Some analysis was done on recent password compromises (such as the Gawker breach), and a list of common terms was extracted. The list is 240 items long and is visible under host->Lists, in the "banned password" node.
To verify this is working, attempt to register a new user with a password from the list, e.g. "password" or "1234567". If such a password is chosen, the account is not created and a message explaining that the password is on a banned list is shown.
Note: because passwords are case-sensitive, the banned list is compared by exact match only; a variant such as "Password" or "PASSWORD" is not caught by the list entry "password".
The default items can be edited on the host->Lists screen.
Individual sites can also add their own entries, which are combined with the host list when a password is checked.
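The check described above (host list merged with the site list, exact-match comparison, and rejection of the username as a password), written out as an added example. This is not DotNetNuke code and does not reproduce its implementation; the list contents are constructed samples, and the function names and the stricter case-insensitive variant are assumptions included to show what the exact-match rule lets through.

```python
# Added example of a banned-password check modelled on the behaviour described
# above. Not DotNetNuke code; names and list contents are illustrative.

# Constructed sample of the host-level "banned password" list.
HOST_BANNED = ["password", "letmein", "1234567", "123456", "qwerty"]

# Constructed sample of a per-site list; real sites would add their own terms
# (company name, product names, local sports teams, and so on).
SITE_BANNED = ["acmecorp", "acme2011"]


def combined_banned_list(host_list, site_list):
    """Merge the host list with a site's own list, dropping duplicates."""
    return set(host_list) | set(site_list)


def check_password(username, password, banned, exact_match=True):
    """Return None if the password is acceptable, otherwise a rejection reason.

    exact_match=True reproduces the case-sensitive, exact-match behaviour the
    page describes. exact_match=False is a stricter variant (an assumption,
    not the product's behaviour): it folds case and also rejects passwords
    that merely contain the username.
    """
    if exact_match:
        if password in banned:
            return "password is on the banned password list"
        if password == username:
            return "password must not be the same as the username"
        return None

    folded = password.casefold()
    if folded in {b.casefold() for b in banned}:
        return "password is on the banned password list"
    if username.casefold() in folded:
        return "password must not contain the username"
    return None


if __name__ == "__main__":
    banned = combined_banned_list(HOST_BANNED, SITE_BANNED)
    for user, pwd in [("bob", "password"), ("bob", "Password"),
                      ("bob", "bob"), ("bob", "acmecorp"),
                      ("bob", "correct-horse-battery")]:
        print(f"{user!r}/{pwd!r}: exact={check_password(user, pwd, banned)!r} "
              f"strict={check_password(user, pwd, banned, exact_match=False)!r}")
```

Running the script shows the difference the note above is about: "password" and the site entry "acmecorp" are rejected under both modes, but "Password" only fails the stricter variant, because the exact-match rule compares case-sensitively.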