Many years ago when there weren't admin tools to define password requirements and check against common hashes, but nowadays system owners literally define and have great control over what is acceptable. I can't blame the user as they will follow what is most convenient and acceptable.