by totony 4154 days ago
Example:

Username: mickael

Password: mickael69

EDIT: Just to be more precise, there is a correlation here, and with so much data a lot can be known. Patterns can then be forbidden from password fields so the website is less prone to dictionary attacks.

1 comments

So what would you do here? Disallow "mickael" from the password? That's pretty user-hostile and almost completely pointless.
Is it pointless to reduce the attack vector against your website? And, no, for a banking system, it is not that user-hostile to say things like "we have found that using <pattern> in your password makes it easy for people to guess, please choose a more complicated password".
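
One way to implement the check debated in this thread, shown as an added example (not code from the thread or from any site it mentions): reject a password that is built from the account's username, including case, accent, look-alike-character and reversed variants. The function names, the substitution table and the 4-letter minimum token length are assumptions chosen for illustration.

```python
import re
import unicodedata

# Look-alike substitutions undone before comparing (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def _fold(text):
    """Case-fold and strip accents so 'Mickaël' compares equal to 'mickael'."""
    decomposed = unicodedata.normalize("NFKD", text.casefold())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def _letters(text):
    """Keep only a-z, dropping the digits and symbols users pad passwords with."""
    return re.sub(r"[^a-z]", "", text)

def username_tokens(username, min_len=4):
    """Tokens of the username worth forbidding.

    For an e-mail style username only the local part is used. Tokens shorter
    than min_len are skipped: forbidding 'bob' would reject far too many
    unrelated passwords for very little gain.
    """
    local = _fold(username).split("@", 1)[0]
    parts = re.split(r"[^a-z0-9]+", local)
    tokens = {_letters(p) for p in parts} | {_letters(local)}
    return {t for t in tokens if len(t) >= min_len}

def username_pattern_in_password(username, password):
    """Return the username token found in the password, or None if clean."""
    folded = _fold(password)
    candidates = {_letters(folded), _letters(folded.translate(LOOKALIKES))}
    for token in sorted(username_tokens(username)):
        for cand in candidates:
            if token in cand or token[::-1] in cand:
                return token
    return None

if __name__ == "__main__":
    # Constructed sample inputs, starting with the pair from the post above.
    for user, pw in [("mickael", "mickael69"), ("mickael", "M1cka3l!2024"),
                     ("mickael", "correct horse battery staple")]:
        hit = username_pattern_in_password(user, pw)
        print(user, repr(pw), "REJECT: contains " + hit if hit else "ok")
```

The check runs at password-set time, where both values are available in plaintext, and it complements rather than replaces a breached-password or dictionary check.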