Users have too many passwords and either select easily guessable words or write them down
Study: 2002 NTA Monitor Password Survey
Date: December 2002
The typical intensive IT user now has 21 passwords, and has two strategies to cope, neither of which is advisable from a security standpoint: they either use common words as passwords or keep written records of them. 49% write their passwords down, or store them in a file on their PC.
The research shows that 84% of computer users consider memorability as the most important attribute of a password, with 81% selecting a common word as a result.