Check out this excellent infographic from Rapid7, the penetration testing tools company (originally posted here).
It does a good job of showing how badly some users mangle their own password security. Security professionals already know the importance of strong passwords, but it is always instructive to see what end users actually choose when nothing enforces a password policy or runs a strength check on what they type.
That said, another common problem is that "secure" passwords are now so hard to remember that they get written down on Post-it notes or saved in a file on a disk somewhere, which simply moves the weakness from the password to the note. A better practice is a longer passphrase: two or more unrelated words with another character between them. Its strength comes from its length and from the number of unrelated words (each word picked at random from a large list adds a fixed amount of guessing work, while the separator adds very little), so it is still hard to crack, but it is far easier to remember, and a password you can remember is one you never have to write down in the first place.
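The passphrase approach, as an added example that is not from the post or from Rapid7 or DirectPass: a small Python script that builds such a passphrase with the operating system's CSPRNG (the `secrets` module) and estimates how many bits of guessing work a passphrase carries compared with a short random password. The 32-word list is a constructed sample; the 7776-word EFF long list and the 94-character printable ASCII alphabet are assumed only as reference sizes for the estimates.

```python
"""Passphrase generation and entropy estimates.

Added example, not code from the post or from Rapid7/DirectPass. The word
list below is a constructed sample; a real generator is assumed to draw from
a large published list such as the EFF long list (7776 words), where each
word adds about 12.9 bits of guessing work.
"""
import math
import secrets

# Constructed sample list of 32 unrelated common words (exactly 5 bits per word).
SAMPLE_WORDS = [
    "apple", "bridge", "candle", "dragon", "engine", "forest", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "marble", "needle", "orange", "pepper",
    "quartz", "rocket", "saddle", "tunnel", "umbrella", "violin", "walnut", "xenon",
    "yellow", "zipper", "anchor", "basket", "copper", "desert", "falcon", "glacier",
]

# Characters that may sit between the words; none of them occur inside a word.
SEPARATORS = "-_.,!@#$%&*+="


def passphrase_entropy_bits(word_count, wordlist_size, separator_choices=1):
    """Bits of entropy for word_count words drawn uniformly, independently and
    with replacement from wordlist_size words, joined by one separator picked
    from separator_choices characters and reused between every pair of words."""
    if word_count < 1 or wordlist_size < 2:
        raise ValueError("need at least one word and a list of at least two words")
    bits = word_count * math.log2(wordlist_size)
    if word_count > 1 and separator_choices > 1:
        bits += math.log2(separator_choices)  # the separator is one more choice, not one per gap
    return bits


def random_password_entropy_bits(length, alphabet_size=94):
    """Bits of entropy for `length` characters each drawn uniformly from an
    alphabet of alphabet_size symbols (94 = printable ASCII without space).
    This is the ceiling for a truly random password; a human-chosen
    'P@ssw0rd1' style password sits far below it."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need at least one character and an alphabet of at least two")
    return length * math.log2(alphabet_size)


def minimum_words_for(target_bits, wordlist_size):
    """Smallest number of words from a wordlist_size list that reaches
    target_bits, ignoring the separator's small contribution."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(word_count=4, wordlist=SAMPLE_WORDS, separators=SEPARATORS):
    """Build a passphrase with the CSPRNG in `secrets`; never use `random` for this."""
    words = [secrets.choice(wordlist) for _ in range(word_count)]
    return secrets.choice(separators).join(words)


def split_passphrase(phrase, separators=SEPARATORS):
    """Return (words, separator) for a phrase produced by generate_passphrase."""
    for sep in separators:
        if sep in phrase:
            return phrase.split(sep), sep
    return [phrase], ""


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    for n in (2, 3, 4, 5):
        bits = passphrase_entropy_bits(n, 7776, len(SEPARATORS))
        print(f"{n} words from a 7776-word list + separator: {bits:.1f} bits")
    print(f"8 random printable ASCII characters: {random_password_entropy_bits(8):.1f} bits")
    print("words needed for 64 bits from a 7776-word list:", minimum_words_for(64, 7776))
```

Running it makes the caveat behind "two or more words" visible: two words from even a 7776-word list come to about 26 bits (under 30 with a one-character separator), a space an offline attacker with a fast unsalted hash exhausts in seconds, while four words reach about 52 bits, on a par with eight fully random printable characters, and five words pass 64. The separator is there for readability rather than strength, so when a passphrase needs to be stronger, add a word rather than a symbol.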
Better yet, you could use our new DirectPass password manager to solve the problem altogether!