We all know the basics "password rules" when a user register on a website, such as:
- more than 8 characters,
- must contain an upper case letter,
- must contain numbers and so on
Why don't websites filter (as in not accept) well-known weak passwords such as:
- 123456
- qwerty
- password
What are the pros and cons of such a method and why is it not widely used?