Information Security professionals should make use of these lists of common weak passwords to proactively test the accounts of employees, contractors, and other users of the information systems that they are responsible for protecting. The most effective way to use these lists is to trigger a test each time a user changes their password – take the hash of the newly changed password and automatically check it against the list of common weak passwords.

For organizations that use Microsoft Azure Active Directory (including any online Microsoft product such as the Office Suite), administrators can configure custom lists of banned passwords by following the instructions on this page: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection

While Binary Defense is not endorsing the NordPass product in particular, a password manager in general is highly recommended to generate secure and unique passwords without causing extra stress on people to remember many passwords. There are many password manager products available, including cloud hosted and offline versions. Pairing a strong password with Multi-Factor Authentication (MFA) is the best way to protect accounts even when an attacker guesses or steals the password.

https://www.theregister.com/2022/11/25/infosec_roundup/

https://nordpass.com/most-common-passwords-list/

https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection