
Exactly my point, I hate to be restricted with my passwords for meaningless websites.

"Sorry, but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin." (old joke)

But why? Your website is not important, do you know?

And if your website is that important (maybe it involves paid subscriptions or something), then freakin' remind me of those restrictions when I'm trying to log in, so I don't have to think about all the character combinations I might have tried when signing up for your website.



Why does it matter how unimportant the site is? When you pick a password, either you pick something simple and totally insecure (password, 3jane, god), something not so weak but still easily crackable ("kLY8rT"), or you use a password manager.

The "not so weak but still crackable" intermediate level doesn't make sense. It's probably going to be reused (how many different 6-character random passwords are you going to remember?), so it's just as easy to make it 8 or 12 characters to make it harder to crack when one of the sites inevitably has their password database stolen. If they're not hashing, of course, you're screwed no matter how long the password is.

If you're going to allow 6 character passwords, that indicates there's basically no cost to user account compromise, so why should there be any password testing at all? If a user wants to use the password "1" and gets hacked, that's their problem, they can create a new account after all. It also indicates that user's contributions to the site are probably of low value, since they don't expect to gain any social capital from their contributions that are worth protecting with a better password. If they think the post(s) have value but are going to abandon the account, they can just as easily use "1password" as their password instead of "123123".

It seems like an 8 character minimum and checking against a wordlist is a small price to pay for preventing naive internet users (there are a lot of them) from using horrible, not just bad, passwords.
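
The policy proposed in the comment above (8-character minimum plus a wordlist check), sketched as an added example that is not part of the original thread. The function names, the normalization rules and the tiny `WORDLIST` are assumptions made for illustration; a real deployment would load a large breached-password list.

```python
import re
import unicodedata

MIN_LENGTH = 8  # the minimum proposed in the comment

# Constructed stand-in for a real breached-password wordlist.
WORDLIST = frozenset({"password", "god", "jane", "123123", "qwerty", "letmein"})

# Common character substitutions undone before the lookup (illustrative subset).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Return the normalized forms of a password to look up in the wordlist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    # Drop digits and symbols padded onto either end ("1password", "god!!").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", base)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    return forms - {""}


def check_password(password):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if candidates(password) & WORDLIST:
        reasons.append("in_wordlist")
    return reasons


if __name__ == "__main__":
    # Passwords quoted in the thread, plus two constructed ones at the end.
    samples = ["password", "3jane", "god", "kLY8rT", "1", "1password",
               "123123", "P@ssw0rd", "q7Vx2mTz9LpR"]
    for pw in samples:
        verdict = check_password(pw) or ["accepted"]
        print(f"{pw!r:16} {', '.join(verdict)}")
```

Without the normalization step, "1password" and "P@ssw0rd" would clear both the length rule and an exact-match wordlist lookup.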


> When you pick a password, either you pick something simple and totally insecure (password, 3jane, god), something not so weak but still easily crackable ("kLY8rT"), or you use a password manager.

No I don't.



