Some excellent work here. An internal US Government agency audit audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over 80,000 AD accounts included passwords like Password1234, Password1234!, and ChangeItN0w!