Just as important is ensuring the user knows how not both to create or repeat the failing. So many sites I've been to that have unusual/limiting password rules and don't tell you until you've already entered a good password (but not by the sites rules). And even worse, don't tell you what's wrong exactly when you fail it, especially when there is a lot of rules, and they just dump the entire list for you to read through and try to figure out where you failed.
However checking against a list of ~10k common passwords (and adding to that such items as their username and password, site url, etc, etc) is a great base filter, with the message "your password was found in our list of weak passwords" or similar.
Also, assume every user is new to the internet, as there will always be a portion who are. If password check is failed, provide a link to a reputable source on password security and how it matters. Don't assume your users are educated already.
Fortunately, from the rumblings in the industry, this problem will hopefully begin to disappear, there is a big focus on replacing the password.