As is becoming more apparent, cyber criminals are more interested in the results of their attacks rather than the glory. This implies that they will look for the path of least resistance, and what better way that to exploit this than weak password policies?