When I can access a password-protected production account with ease, I recommend enforcing a more complex password for the website, forcing users to select less-common account names, and making sure that passwords are stored in an encrypted format. It’s important to think about these aspects during design, and confirm secure passwords through the testing phase of a product release. This is only one example of why planning for security can’t be tacked onto the end of the systems development lifecycle. From a testing perspective, it’s important to include security testing even if the testing workload is heavy. If an application stores important or sensitive information, don’t risk letting password testing fall off the list.
Spend some time and effort learning how passwords can be cracked. Then use that information to review requirements and products from a security perspective, as well as to improve your testing skills. The password field is just one area, but it’s a good place to start your security testing.
By reviewing the default password tables, you can become more aware of passwords that users are likely to choose. As a user, you might feel hassled by every application having different password requirements, but those requirements are there to safeguard you. I’ve found it helpful to use a password safe that helps me to remember my passwords (I have dozens) and provides a random password generator that can keep me from falling into a "password rut."