Use Better Passwords

I'm always chastising someone about their bad passwords. They either use a silly simple password, or none at all for their personal computers, accounts online, etc. Some people will even use numbers for critical accounts like online banking. It's a huge security problem. What's the point in a password if it doesn't stop someone from breaking into your stuff?

More than two in three respondents (65 per cent) quizzed in RSA Security's survey use fewer than five passwords for all electronic information access and 15 percent use a single password for everything. These figures are unchanged from a similar survey last year.

John Worrall, VP of worldwide marketing at RSA Security, said: "The majority of consumers are aware of the problems associated with passwords, but until they are presented with a reliable, easy-to-use alternative, they're going to continue to exhibit poor password management practices." - The Register

There are options. However, users rarely have control over some of these options. For example, if someone keys in the wrong password more than a certain number of times, say ten, then the system should lock them out until they call to release the account, or at least block the IP from which the bad attempts came for some period of time. This keeps computer programs from trying "dictionaries", or lists of potential passwords, in an attempt to "brute force" the password. Basically, given enough tries, a computer can keep attempting random passwords and eventually find the correct one. However, with good password protocols (more than 6 characters, random passwords that contain caps, symbols, numbers, and letters, and changing passwords periodically), the likelihood that this will happen diminishes greatly when you limit the number of tries they get each day. The likelihood goes down to slightly better than "dumb luck". That's fairly close to zero to you and me.
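
The lockout behavior described above, as an added Python example that is not part of the original post. The `LoginThrottle` class, the 15-minute block period and the sample account are assumptions made for illustration; the threshold of ten comes from the text.

```python
import time

MAX_FAILURES = 10            # threshold used as the example in the text
IP_BLOCK_SECONDS = 15 * 60   # assumed value; the text only says "some period of time"

class LoginThrottle:
    """Locks an account and temporarily blocks an IP after repeated bad passwords."""
    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify            # callable(user, password) -> bool
        self._clock = clock              # injectable so tests can advance time
        self._user_failures = {}
        self._ip_failures = {}
        self._locked_users = set()
        self._ip_blocked_until = {}

    def attempt(self, user, password, ip):
        now = self._clock()
        if self._ip_blocked_until.get(ip, 0) > now:
            return "ip_blocked"          # refused before the password is even checked
        if user in self._locked_users:
            return "account_locked"      # a correct password is refused too
        if self._verify(user, password):
            self._user_failures.pop(user, None)
            return "ok"
        self._user_failures[user] = self._user_failures.get(user, 0) + 1
        self._ip_failures[ip] = self._ip_failures.get(ip, 0) + 1
        if self._user_failures[user] >= MAX_FAILURES:
            self._locked_users.add(user)             # stays locked until release()
        if self._ip_failures[ip] >= MAX_FAILURES:
            self._ip_blocked_until[ip] = now + IP_BLOCK_SECONDS
            self._ip_failures[ip] = 0                # start counting afresh after the block
        return "rejected"

    def release(self, user):
        # Manual unlock, e.g. after the account owner calls in.
        self._locked_users.discard(user)
        self._user_failures.pop(user, None)

def demo():
    """Runs a constructed guessing session and returns the outcomes."""
    clock = [0.0]
    accounts = {"alice": "T7#qLm!29xWe"}   # constructed sample; stand-in for a hash check
    throttle = LoginThrottle(lambda u, p: accounts.get(u) == p, lambda: clock[0])
    guesses = [throttle.attempt("alice", f"guess{i}", "203.0.113.5") for i in range(12)]
    other_ip = throttle.attempt("alice", "T7#qLm!29xWe", "198.51.100.7")
    throttle.release("alice")
    after_release = throttle.attempt("alice", "T7#qLm!29xWe", "198.51.100.7")
    return guesses, other_ip, after_release
```

In `demo()`, the guesser gets ten rejections and is then refused outright, and even the correct password from a different address fails until the account is released.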

If your service provider (whatever it may be) allows you to use good password protocols yourself, you benefit more than you would from simple passwords that never change. Using a password that means something, like your maiden name, social security number, account number, or birthday, is a really bad idea. It virtually guarantees someone can get into your account if they want. Using personal judgement, one can greatly diminish security threats to online accounts - at least from password hacking.