>Every password that becomes public knowledge ends up in credential stuffing lists, whether it matches your password policy or not.
That's right. And we don't want to produce passwords that are likely to be on those lists. A simple policy greatly reduces the chances of that happening. After a certain number of zeros, entropy is no longer a concern.
>"Common patterns" and "passwords that contain repeated characters" are not even remotely the same thing.
That's right. And we don't want to produce passwords that are likely to be on those lists. A simple policy greatly reduces the chances of that happening. After a certain number of zeros, entropy is no longer a concern.
>"Common patterns" and "passwords that contain repeated characters" are not even remotely the same thing.
I've already addressed this.