Deloitte predicts that in 2013 more than 90% of user generated passwords, even those considered strong by IT departments, will be vulnerable to hacking. The value of the information protected by passwords continues to grow attracting ill-intentioned hackers. The average user has 26 password protected accounts, but only five different passwords across those accounts. The human factor could expose password management process to serious risks, for example humans never remind long and complex credentials, they tend to adopt password easy to remember and related to their life experience.
Source: https://thehackernews.com/2013/01/the-use-of-passwords-in-technological.html