Weak, insecure, and stolen passwords puts your network at risk. Password policies don't prevent employees from using known comprised passwords. Due to the fact that users are historically bad at creating difficult to guess passwords, users tend to choose predictable, easy-to-guess passwords instead.
Coupled with password reuse, these poor password hygiene practices undermine your security controls.
…it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, dictionary words, and specific words (such as the name of the service itself) that users are likely to choose.
