If you're like me, you use a password manager to keep track of all these usernames and passwords. I counted mine; I have 184 accounts (that I know of, at least). That is still below average. The average employee manages 191 passwords, according to a 2017 study by LastPass.
Even with stellar password practices, such as using a unique password for every account (who are we kidding though), passwords get hacked. Poor password and authentication practices lead to (even more) phishing attacks on employees and their businesses.
In fact, stolen credentials and phishing were the top cyberattack vectors in 2019, according to a report by Verizon. Additionally, according to the Ponemon Institute's 2019 report, 44% of respondents have experienced a phishing attack at work (emphasis my own). Even worse, 57% of those respondents who experienced a phishing attack have not changed their password behaviors.