Yesterday's password-of-the-day call was from someone who knew her password was "detroit". She just couldn't spell "detroit".
Since we have been outsourced to a big IT-outsourcing company, we have accounts on their systems, as well as our hospital apps. I have IDs on over 40 hospital apps, just so I can change passwords.
If the hospital ever demanded "robust passwords" for their systems, the way my company does for its internal systems, 95% of the hospital user community could never sign in again.
*snort*
I am so glad I'm working at a place that doesn't demand robust passwords changed every 90 days. That gets old fast and I usually end up cycling through three that I always forget.
Changing user passwords was always my favorite part of my tech job. The best was when they didn't know their user name or email address, either.