Funny thing at work, I was handling some legacy users - we need to make sure that on the next login, if they have a weak password, they have to change it.
So the whole day I’m typing “123” as a password, 123 123 123 123 all good. So finally I’m done and now I’m testing it, and accidentally I type 1234 instead of just 123. Doesn’t really matter, either is “weak”, so I just click “Login”.
Then goes Chrome, “1234 is known as a weak password, found in breaches, you should change it”.
So TIL 123 is still good.
In all seriousness, you should probably burn any password you enter into a website that isn’t the one you’re logging in to. Even if you don’t submit anything, I’d be paranoid about it getting logged in some JS telemetry or something like an auto-complete query. How many passwords do you think Google has collected by people accidentally pasting/typing a password in their search bar?