What passwords is GitHub banning?
GitHub was recently the target of a large weak-password brute-force attack that involved 40k unique IP addresses. One of the many security measures GitHub has now taken is to ban users from registering with 'commonly-used weak passwords'.
To find out what GitHub considers 'commonly-used weak passwords', I decided to compile a list of GitHub-valid passwords from a few password lists found online and one of my own.
GitHub's password policy is reasonable (at least 7 chars, 1 number and 1 letter), so from all of the wordlists used only 331 passwords were found to conform to GitHub's password policy.
Out of these 331 passwords GitHub did not allow users to register with the following 21:
This is by no means an extensive list; there are thousands of wordlists online, but it does give some idea of what GitHub considers a 'commonly-used weak password'. I'm sure variations of the above passwords will also be banned; this was not attempted.
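For a site that wants the same two-stage check at registration, here is an added example (not code from this post and not GitHub's implementation) that enforces the policy quoted above and then consults a deny list, plus an audit helper that measures how many policy-valid wordlist entries the deny list stops. The deny-list entries, the sample wordlist and the case-insensitive matching rule are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 7  # policy as stated on the page: 7+ chars, 1 letter, 1 number

# Constructed sample entries; this is NOT GitHub's banned list.
SAMPLE_DENYLIST = {"password1", "qwerty123", "abc12345", "letmein1"}


def normalize(password):
    """Fold case and Unicode compatibility forms (assumed matching rule)."""
    return unicodedata.normalize("NFKC", password).casefold()


def policy_violations(password):
    """Return the list of policy rules the password breaks (empty if none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    return problems


def check_registration(password, denylist=SAMPLE_DENYLIST):
    """Policy check first, then the deny-list lookup on the normalized form."""
    problems = policy_violations(password)
    if problems:
        return ("rejected_policy", problems)
    if normalize(password) in {normalize(p) for p in denylist}:
        return ("rejected_common", ["commonly-used weak password"])
    return ("accepted", [])


def audit_denylist(wordlist, denylist=SAMPLE_DENYLIST):
    """Split a wordlist into policy-valid entries and those the deny list stops."""
    valid = [w for w in dict.fromkeys(wordlist) if not policy_violations(w)]
    banned = [w for w in valid if check_registration(w, denylist)[0] == "rejected_common"]
    return valid, banned


if __name__ == "__main__":
    # Constructed sample wordlist.
    words = ["password1", "Password1", "letmein", "1234567", "correcthorse9"]
    valid, banned = audit_denylist(words)
    print(f"{len(valid)} policy-valid, {len(banned)} stopped by the deny list")
```

Policy-valid entries that the deny list does not stop are the ones worth reviewing when deciding what to add to it.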