A password blacklist is a list of words disallowed as user passwords due to their commonplace use.
Blacklists may also incorporate rules to prevent the use of common passwords with frequently-used modifications such as capital letters, standard substitutions or numbers following the words. These rules can help protect against password cracking software that works with dictionaries of commonly-used passwords – which also often include the ability to apply frequently-used modifications.
Such blacklists can prevent the use of a string of characters that might pass password entropy checks. For example, PassW0rd1 is rated as an acceptably strong password in many password strength meters because it employs several password hardening measures, but in fact, it’s quite weak: It’s just the word password (the weakest and most common password of all) with common modifications.
Back to: Glossary