Yes they can.
When I was working as tech support for an ISP, I'd need to setup e-mail accounts for 100's of people, mostly in business. Sometimes they would give me usernames and passwords sometimes just usernames and a "default" password.
Once the account was created I'd send a test e-mail to each account to make sure it worked. If the company used default passwords I'd include instructions on changing the password in the test e-mail.
I saw a LOT of passwords this way. Many use the username as the password and most people used BAD passwords (like "hummer" for 3 people I knew that drove one).
When I got support calls for e-mail issues most users whose company used the default password never had changed it.
I had a hard time trying to convince them they should change it. They would also tell me things like "but I like this password and use it for everything". The ones that scared me were the ones who told me "I like using my fist name and my pin number as a password". YES! They said PIN number as in ATM pin number. They didn't always use their first name but I'd guess 1 in 4 that used alpha and numeric characters used their PIN number for the number part, for security reasons I'm sure.
If I had been a criminal type.... or if a criminal type ever gets a hold of their password these people have all their password the same and their PIN numbers the same for any account they have... e-mail, computer, Bank, etc....
Edited by bobmad, 02 May 2007 - 09:02 AM.