System administrators can use an exclusive 8-digit wordlist for "negative filtering." Do not just reject weak passwords like "password." Reject any password that appears in your top 1,000 exclusive 8-digit list.
Implementation in Active Directory GPO or /etc/security/pwquality.conf: 8 digit password wordlist exclusive
# Reject passwords that match a dictionary
dictcheck = 1
dictpath = /etc/security/8digit_exclusive_list.txt
If you are building or purchasing an 8 digit password wordlist exclusive, you need to understand the categories of numbers you will find inside. System administrators can use an exclusive 8-digit wordlist
Crunch is the industry standard for wordlist generation. If you are building or purchasing an 8
crunch 8 8 0123456789 -o 8digit_crunch.txt -d 2 -p 1234567890
This creates a list of all 8-digit combinations (100 million lines). Note: This file will be ~900MB compressed, 4.5GB uncompressed.