I think it comes with the territory that most IT professionals have really bad password practice.
I use pretty much the same password for everything, with some variation depending on password complexity and those that expire after a set about of time, I just increment the number by 1 each time.
Agree with that and much the same with incremental numbers.
Gone are the days of rolling up to a customer site and being handed the admin password on a bit of paper and then left to get on with it.
Surprised more websites don't send a passcode to mobile phones as an extra level of authentication.
Did some work for a marine engineering company once and the IT manager had stopped a Chinese hacker who was begging to be let onto the system otherwise they would lose their "job"!
Cyber security. Big business and very lucrative for any contractors who know what they are doing.