For all the talk about two-factor and multi-factor authentication, to mainstream adoption of biometrics, passwords are not going away. More focus is needed on how to make passwords work for the vast majority of applications. Cracking more than 80% of user-selected passwords is relatively easy, even if theyre hashed in a database when stored. Despite attempts to educate people on the importance of using even relatively long, complex, random unique strings, they dont.”]
Source: https://informationsecuritybuzz.com/articles/insecure-passwords-or-insecure-people/