[pbreit]

So what would you do here? Disallow "mickael" from the password? That's pretty user-hostile and almost completely pointless.

[totony]

Is it pointless to reduce the attack vector against your website? And, no, for a banking system, it is not that user-hostile to say things like "we have found that using <pattern> in your password makes it easy for people to guess, please choose a more complicated password".