I read this news here about Twitter banning weak passwords. They have also published the list of banned passwords. This is definitely a good move and helps with user awareness. However, it is not enough.
A malicious hacker running a dictionary attack would use a password dictionary containing far more than just 370 passwords.
Instead, I would have liked to see Twitter stop accepting passwords that are not complex (that is, a password shorter than 8 characters, or one without a CAPITAL letter and a special character). Right now, it does show a password rating during signup, but it accepts any password other than the “too obvious” ones.
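To make the two checks concrete, here is an added example (my code, not Twitter's) that rejects a password if it is on a banned list or fails the complexity rule above. The five banned entries are a constructed sample, not Twitter's 370-entry list, and the leetspeak normalization step is my own addition: it catches trivial variants such as `P@ssw0rd!`, which pass the length/capital/special-character rule yet would be in any attacker's wordlist.

```python
import string

# Constructed sample of a banned-password list (lower-case). Twitter's actual
# 370-entry list is not reproduced here; these five are assumed for illustration.
BANNED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "twitter"}

MIN_LENGTH = 8
SPECIAL_CHARS = set(string.punctuation)

# Common character substitutions that dictionary-attack tools generate too,
# so a banned word should also be rejected in these disguises.
LEET_MAP = str.maketrans(
    {"@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s", "7": "t"}
)


def normalize(password: str) -> str:
    """Undo common substitutions and drop non-letters: 'P@ssw0rd!' -> 'password'."""
    translated = password.lower().translate(LEET_MAP)
    return "".join(c for c in translated if c.isalpha())


def check_password(password: str, banned=BANNED_PASSWORDS) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    # 1. Banned-list check, including disguised variants of banned words.
    if password.lower() in banned:
        problems.append("on banned list")
    elif normalize(password) in banned:
        problems.append(f"variant of banned word '{normalize(password)}'")
    # 2. Complexity rule: at least 8 characters, a capital and a special character.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")
    return problems


def is_acceptable(password: str) -> bool:
    return not check_password(password)


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd!", "Correct-Horse7Battery"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

Run on the three constructed candidates, `password` fails the banned list and both complexity rules, `P@ssw0rd!` satisfies the complexity rule but is still rejected as a variant of a banned word, and `Correct-Horse7Battery` passes.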
OR
Have Twitter use two-factor authentication such as WiKID.
Of course, this leads back to the same old trade-off between “easy to use” and “more secure”.