Modern firewalls and WAFs (Web Application Firewalls) can detect credential stuffing using localized wordlists. Integrate a regex that flags passwords containing:
In a geopolitically sensitive region (energy, Sahara gas fields), an advanced persistent threat (APT) group uses these localized wordlists to target government employees. They know that a civil servant in Algiers likely uses his son's name (Reda2024) as the password to the ministry’s VPN.
Reject the top 500 entries from the updated Algerian wordlist. Use a service like zxcvbn (by Dropbox) which has been trained on regional lists. It will reject mca1970 instantly.