PasswordCannotBePopular is deprecated since 1.33, and PasswordNotInLargeBlacklist should be used instead
Currently PasswordCannotBePopular affects non privileged users, but is adding minimal to zero improved security in the grand scheme of things. Should we just remove it?
Ideally we should be rolling out PasswordNotInLargeBlacklist everywhere, but that's somewhat of a breaking change... And probably needs communication
This is somewhat a followup to T208441: 👩👦👦 AHT password strengthing work, 2018/19, and I guess T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config does subsumes this...?