I am convinced that passwords are contagious. Despite all advice, passwords are routinely shared in documents and emails. Once there, passwords are easily propagated in backups, file syncing software, email forwarding, etc.

Another pet peeve of mine is committing passwords into software repositories like Git, Mercurial or Subversion (to name a few). Once there, it is incredibly difficult to remove them. Committing a change with the password deleted still leaves the original commit buried in history, waiting to be found again by those with malicious intent. Repository surgery is possible, but only works if the error is caught quickly and no one has pulled the history containing the change.
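The point about history can be checked on any Git repository. The following is an added example, not part of the original post: it builds a throwaway repository, commits a password, commits its removal, and then audits every commit for the string. The file name, the function names and the password value are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a "delete the password" commit does not remove it from history.
# All names and the password value are constructed for this demo.

# Build a throwaway repo: one commit adds a password, the next removes it.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    g() {
        git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@"
    }
    printf 'db_user=app\ndb_password=CONSTRUCTED-demo-secret\n' > "$repo/app.conf"
    g add app.conf && g commit -q -m 'add config' || return 1
    printf 'db_user=app\n' > "$repo/app.conf"
    g commit -q -am 'remove password' || return 1
    printf '%s\n' "$repo"
}

# True if the tracked files in the current checkout contain the string.
worktree_has() {
    # $1 = repo path, $2 = fixed string to look for
    git -C "$1" grep -q -F -e "$2"
}

# Count commits, on any ref, whose tree still contains the string.
count_commits_with() {
    # $1 = repo path, $2 = fixed string to look for
    n=0
    for c in $(git -C "$1" rev-list --all); do
        if git -C "$1" grep -q -F -e "$2" "$c" --; then
            n=$((n + 1))
        fi
    done
    printf '%s\n' "$n"
}

# Stand-alone run: the checkout looks clean, the history does not.
repo=$(make_demo_repo) || exit 1
if worktree_has "$repo" 'CONSTRUCTED-demo-secret'; then
    echo "working tree: password present"
else
    echo "working tree: password absent"
fi
echo "commits still holding it: $(count_commits_with "$repo" 'CONSTRUCTED-demo-secret')"
rm -rf "$repo"
```

Running `count_commits_with` against a real repository with a known credential string shows how many commits would have to be rewritten, and the credential itself should be rotated regardless of the result.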

I have no simple solutions to prevent passwords from spreading once in the wild. Does anyone?