The worst part is it actually leads users to boasting about how they `beat the system', essentially telling their coworkers what their pattern is, making the password easier to guess.
I have long felt that organizations that require password rotation for employees should, when the users are changing their passwords, record and post the old password to an internal site (without any identification of the user) for educational (and mockery) purposes.
