Badly implemented password security
Go to https://twitter.com/signup, right click the page, and then select “View Page Source” (FF/Google Chrome) or “View Source” (IE). There, in all its glory, you will find Twitter’s list of forbidden passwords (all credit to Sophos who pointed out that the list was available for all to see).
For what its worth, I have long since stopped advising that people use “strong passwords”. Rather, I encourage the use of “pass phrases”. Unfortunately, pass phrases don’t work with web sites that limit the number of characters that you can use, or do not allow non standard characters such as spaces (sadly, there are still too many web sites that do that) but for the rest, pass phrases such as “I may move slow but I look good!” are very easy to remember, and extremely difficult to crack.
BTW, the password “password1234” is accepted by Twitter (and is assessed by the Twitter sign-up page as “strong”), as is “1password” and “!@#$%^&*()” and “twitter123” (assessed as “good”)… I’m not sure what security Twitter thinks they are achieving…