At this one ISP, I wanted to do something where if a user tried to change their password, it would get checked against one of these lists. For example it wouldn’t allow any of the top 500 worst. Unfortunately I left before I could implement it.
I agree! I have some accounts where I’m limited. What reason do they have for limiting how you set up a password? It really bugs me!
I use LastPass on Steve Gibson’s recommendation. I usually have LastPass Generate passwords as well as put them in SG’s “Password Haystacks”