For as long as we can remember a password has been required to protect personal information. Over the years requirements for these passwords changed, you had to have capital, funny characters, and even length requirements!
After a while that just wasn't enough and we started adding MFA authentication apps and tokens to the mix... But in the end most people reuse the same password across many environments. And to be honest, having to create a password that's 12 characters long, has capitals, special characters, cannot be one of the previous 12 passwords every 90 days kind of encourages that behavior.