Hey #cybersecurity experts, what the hell is this.
@mizarc
While it at first sounds frightening and strange, there is a reason behind this.
Attackers who try to brute force passwords work with lists of well-known or breached passwords.
Because of this, there is the security practice to block common and previously breached passwords.
"Standards" which require or recommend this are, e.g., the National Institute of Standards and Technology (NIST) guidelines (NIST 800-x)
or the Open Worldwide Application Security Project (OWASP) Authentication cheat sheet.
Some more info:
https://owasp-aasvs4.readthedocs.io/en/latest/2.1.7.html
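
A server-side check of the kind the reply above describes, as an added example that is not part of the original thread: a new password is normalized, hashed, and rejected if it appears in a breached-password index. The sample list, the function names, and the 5-character hash-prefix bucket layout are assumptions made for this sketch.

```python
import hashlib
import unicodedata

# Constructed sample standing in for a real breached-password corpus.
SAMPLE_BREACHED = ["123456", "password", "qwerty", "letmein", "P@ssw0rd"]


def _digest(password: str) -> str:
    """NFKC-normalize, then SHA-1, so the index never holds plaintext.

    SHA-1 is used here only as a lookup key for the blocklist; it is
    not how the accepted password would be stored.
    """
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Group hashes by their first 5 hex characters for quick bucket lookup."""
    index = {}
    for pw in passwords:
        h = _digest(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


def is_breached(password: str, index) -> bool:
    """True if the normalized password's hash is present in the index."""
    h = _digest(password)
    return h[5:] in index.get(h[:5], set())


def validate_new_password(password: str, index):
    """Return (accepted, message) for a sign-up or password-change form."""
    if is_breached(password, index):
        return False, "This password appears in known breach lists; choose another."
    return True, "ok"


if __name__ == "__main__":
    idx = build_index(SAMPLE_BREACHED)
    for candidate in ["password", "qwerty", "vivid-Lantern-92-orbit"]:
        print(candidate, "->", validate_new_password(candidate, idx))
```

Normalizing before hashing means a look-alike spelling such as a full-width first letter is matched against the same blocklist entry as the plain ASCII form.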