"The shortness and simplicity of passwords means many users select credentials that
will make them susceptible to basic, brute force password attacks.
Furthermore, studies show 5,6,7 that about one half of the users use the same
(or very similar) password to all websites that require logging in.
--> Ironically, the problem has changed very little over the past twenty years"