For the IT department, password management is a headache, with many hours devoted to carrying out password resets for forgetful users. There's also the plain old human laziness of using the same password for a range of logins, or even using "password" as a password. Passwords are only as good as their all-too-human owners, and even then a hacker using a keylogger, say, can make off with their secret.
In business, the debate about how to encourage password best practice oscillates between" in making passwords that are adequately complex, to telling users to write down passwords somewhere secure. People are also told to use password management software, so they don't resort to choosing easy words or using the same password for several logins.
But it's a losing battle, some experts say.
In May, Gartner analyst Jay Heiser said passwords are "fatally flawed" and can't stand up to "motivated attackers". The drive to develop new ways of authenticating users, such as two-factor authentication or human biometrics, is in part fuelled by awareness of the weakness of systems built on crackable password security.
Some have predicted that passwords will be replaced with biometrics or other technology in the long term. Just how far away that day is remains to be seen.
Natasha Lomas reported for Silicon.com in London.