Security: Passwords and more...

... passwords. A list of the 100000 most common of them BTW:
https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere

Quoting:
"I'm a developer. What should I do with these files?

If your product is unlikely to have access to the internet when deployed (or you don't want to rely on an external service), you can include a check against one of these files in your authentication flow. It's up to you how you handle cases where the password matches one of these, but you should enable users to use tools such as password managers.

If you can make use of an external service, there are options such as Troy Hunt's Pwned Passwords API. Troy has written a really good blogcovering how different companies have implemented this feature, that may help you to design your own flow.

Alternatively, look at ways to reduce the load on your users by looking at alternative authentication flows (like supporting single sign-on), and by keeping an eye on upcoming standards such as WebAuthn - we'll have more on this in the future."

About password policies and digital identity guidelines...

... As well as good and bad advice:
http://www.bbc.com/news/technology-40875534

Digital identity guidelines, US government's National Institute of Standards and Technology:
https://pages.nist.gov/800-63-3/

The FUN Dept.: About passwords, password policies and related stuff

The "good old times" (not) where 123 or Benfica would be good enough for a password everywhere you needed a password are indeed over for good. Here are some Dilbert strips password-related (the strips are not properly "new", just look at the dates):

• This reminds me of the temporary password Rui C has provided me with yesterday: Dilbert Comic Strip on 2012-07-01 | Dilbert by Scott Adams
• This is about new password policies, increasingly demanding (not like that one): http://dilbert.com/strip/2004-12-05
• And this is what all passwords are: several asterisks? http://dilbert.com/strip/2001-09-06