
I can tell you working as a federal contractor or employee in an IT department that complex passwords are hard for most people to remember.

We always had to change the password for people who forgot their password to "Password" or some other easy-to-remember word, and then they are supposed to change it when they log on, but more often than not they don't even bother to change it.

So you got administrative accounts to all of the managers because they want access to everything to monitor employees. When those accounts got an easy-to-guess password, then crackers can get in and mess with stuff.

It isn't just people outside the organization; people inside the organization want to crack databases and steal stuff so they can sell it.

I worked for a law firm and some people in the business office had DDoS tools to take out my machine because I was a programmer. I wrote a function called SQlFilter that filtered out SQL control codes and tripled up single quotes so they couldn't do an exploit in SQL to drop tables or edit data. I wasn't very popular for writing that function.
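
The filtering approach the comment describes, next to bound parameters, as an added example (not the commenter's code). `sql_filter` is a hypothetical stand-in that doubles single quotes, the standard SQL escape; the table name and sample inputs are constructed.

```python
import sqlite3

def sql_filter(value: str) -> str:
    """Hypothetical filter: strip SQL control sequences, then double
    single quotes (assumption: standard SQL escaping)."""
    for token in (";", "--", "/*", "*/"):
        value = value.replace(token, "")
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT)")
    return db

def insert_filtered(db: sqlite3.Connection, name: str) -> None:
    # Query built by string concatenation, protected only by the filter.
    db.execute("INSERT INTO clients (name) VALUES ('" + sql_filter(name) + "')")

def insert_bound(db: sqlite3.Connection, name: str) -> None:
    # Bound parameter: the value is passed separately and never parsed as SQL.
    db.execute("INSERT INTO clients (name) VALUES (?)", (name,))

def stored_names(db: sqlite3.Connection) -> list:
    return [row[0] for row in db.execute("SELECT name FROM clients ORDER BY id")]

# Constructed sample inputs: a name with an apostrophe, legitimate text that
# happens to contain control sequences, and a hostile string.
SAMPLES = ["O'Brien", "Smith; Jones -- Partners", "x'); DROP TABLE clients; --"]

def run(insert) -> list:
    """Insert every sample with the given strategy and return what was stored."""
    db = make_db()
    for name in SAMPLES:
        insert(db, name)
    return stored_names(db)

if __name__ == "__main__":
    for label, insert in (("filtered", insert_filtered), ("bound", insert_bound)):
        print(label)
        for original, stored in zip(SAMPLES, run(insert)):
            status = "unchanged" if original == stored else "altered"
            print(f"  {original!r} -> {stored!r} ({status})")
```

Both strategies leave the table intact, but the filter rewrites legitimate data on the way in, while the bound version stores every input byte for byte.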


