UK's NCSC suggests automatic blocking of common passwords