Depending on the domain you will likely retrieve the password policy even without having valid user credentials.
ProbablePasswordList V2.0
The Probable Password List is a good place to start. The majority of passwords which are "crackable" will be cracked will be cracked with the wordlists included within.
RockYou2021 | 8.4 Billion Entries
Use this one if either money or time is not a factor. This list will take some cycles, as a comparison the traditional rockyou.txt contains 14.3 million entries making RockYou2021 almost 1000 times bigger.
# This combines all the following passwords lists:
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
https://www.hack3r.com/forum-topic/wikipedia-wordlist
https://github.com/danielmiessler/SecLists/tree/master/Passwords
https://github.com/berzerk0/Probable-Wordlists
https://weakpass.com/download
password from 3.2 Billion COMB list from early this year. thanks to whoever created it.