[programjames]

Or, users can check their passwords against known-compromised lists. It's not on them to hold users' hands and check for their mistakes.

[Beldin]

Let's not fall for 23andMe's attempts at victim blaming. They offered the service, and they failed to implement to reasonable security practices. Their process allowed users to pick "obviously" flawed passwords. Well, those passwords weren't obviously flawed enough to bar their use, but obvious enough to blame users afterwards.... yeah that's BS.

[ziddoap]

Yes, users can (and should) be doing that as well.