I have an amusing anecdote about the military and password security. I worked with some folks on a base once and everyone used the same keyboard pattern such that if I knew the first character of a password, I knew the whole password. This pattern was openly shared as a way to "remember" otherwise impossible to remember complex passwords.
So do I. Worked at a contractor hosting multiple sensitive/classified document repositories for one of the service branches. One of their attorneys' passwords expired for the document review platform. So this highly-qualified, TS/SCI cleared person accessing sensitive data emailed a bunch of our IT support and PMO distribution lists - basically an unknown number of anonymous third-party personnel - with an angry request to "reset [my] password back to [pass1234]! Right now!"
One thing I learned is that, with the exception of those directly concerned with the firing of weapons in anger, most military personnel don't give a hoot about operational security, and they HATED our IT department who did.
