<div dir="ltr">I did work for an auto-auction company for a few years after my
retirement. They had a policy of assigning a new employee a certain
password and then requiring a change in user password every month.
<br>
<br>And, yes, the initial user password assigned to each new employee was
Password1.
<br>
<br>So, quite naturally most employees changed next to Password2, then to
Password3 and so on. So, I did know and was sometimes offered, a
team-mate's password. To my knowledge a data breach was never announced,
but what a useless system. And, yes, there was a nine character limit so
it was possible to guess almost any user's password with only ten attempts.
<br>
<br>Definitely NOT the way to go.
<br>
<br>Quite needless to say, I did not follow that practise - yet most of my
passwords used there did contain my birth year, M93ix, in some position
or another within differing passwords.
<br>
<br>George
<br>
<br>
<br></div>