Users who are well briefed on the severity of security threats will not, as IT had hoped, create stronger passwords to better protect themselves. They actually tend to create much weaker passwords because the briefings make them feel helpless, as if any efforts to defend against these threats are pointless. IT staffers need to make sure that they emphasize how powerful a defense passwords, PINs and secure phrases can be in defending against threats, at least until we are able to deploy better authenticators. Your password doesn’t have to be beyond the capabilities of the cyberthief. It simply needs to be better than most of your colleagues passwords.”]
Source: https://www.csoonline.com/article/3124750/your-users-have-porous-passwords-blame-yourself-it.html