Not directly related but prompted by Pwned Passwords Validator since we have been looking into stronger password validation lately.
Discourse does not appear to block a password like myusername123 or 4myusername for the username myusername.
I didn’t find any past discussion on this specific kind of weak password. Has this been considered before?