I more so blame the administrator who allowed them to have these passwords (and of course whoever was storing them in plaintext).
The reality is that employees can't be trusted to manage password strength. But it's trivial to implement a validation scheme that forces employees to be over a minimum length, use special characters, etc. Of course this is also not great -- and inevitably we'd see Pa$$word123 -- but it's at least a starting point.
The reality is that employees can't be trusted to manage password strength. But it's trivial to implement a validation scheme that forces employees to be over a minimum length, use special characters, etc. Of course this is also not great -- and inevitably we'd see Pa$$word123 -- but it's at least a starting point.