There is also a “common password” Setting.
For example, on my localhost development Discourse I have that disabled so I can use “password” as a password and not need to remember a mess of different passwords for the test accounts.
But IMHO on a real live site it would be a poor idea to allow “password”, “admin”, “aaaaaaaa” etc.
If you look in /lib/10-char-common-passwords.txt there is a list of 2344 such passwords.