Passwords that should have a complexity consistent with the level of authorization granted to the user often do not. Organizations often trust that this information is well guarded and appropriately managed but that is not always the case. Smaller organizations in particular may depend on outsourced IT or an internal resource strapped with IT responsibilities long ago to maintain at least adequate standards regarding password policy and management of administrator credentials but find out at some point that this is not actually the case. It can be little details like this that can provide the ingredients for a cyber exploitation with devastating results. Laugh at this example yes!...But, make sure this isn't your organization!