Saturday, January 29, 2005

Weak Passwords and MySQL

I still remember the day I attended my first lecture at this university. The one thing my Prof warned me about then was to make sure that I keep my passwords *cryptic*. For me, cryptic then meant anything that was not my name or my date of birth. Of course, how could I expect somebody to know that a new word could be formed just with my bike license plate number and my sister's name?

Then I was just a kid, someone not exposed to technology, or rather someone not exposed to its dark side. But then, I am not alone. People who should know more about this than me, the "system administrators", think along these lines even today. Else how could a password-guessing worm access a flaw in MySQL affecting not one, not two, but eight thousand databases!!

