According to the report –
We can talk until we are blue in the face about the risks of reusing passwords, or using easy to guess passwords, but until we deal with this, it’s not going to be effective. In order to comply with our advice, employees would have to do something that is more than likely beyond the capacity of the human brain. Remember 191 unique passwords.
That’s not happening.