People tend to have dozens to hundreds of accounts, so if you can memorize all of your passwords, they are at least one of the following:
- Not distinct enough (i.e. not a fresh one per account)
- Not independent enough (e.g. you have a 'master password' with numbers at the end or something like that)
- Not random enough (e.g. you use real words)
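
The three failure modes listed above, checked over a constructed set of passwords, together with a generator that avoids them. This is an added example, not part of the original text; the account names, passwords, wordlist and the trailing-digit `stem` heuristic are all assumptions.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample data: account -> password. None of these are real.
VAULT = {
    "mail": "Tiger2021",
    "bank": "Tiger2022!",
    "forum": "sunshine",
    "shop": "sunshine",
    "git": "q7#Lm2vX9rTb!4Zs",
}
# Tiny constructed wordlist; a real audit would load a large dictionary.
WORDS = {"tiger", "sunshine", "dragon", "password"}


def stem(password):
    """Lower-cased password with trailing digits and symbols stripped."""
    return (re.sub(r"[\W\d_]+$", "", password) or password).lower()


def audit(vault, words=WORDS):
    """Return {account: sorted list of problems} for the three failure modes."""
    by_password, by_stem = defaultdict(set), defaultdict(set)
    for account, pw in vault.items():
        by_password[pw].add(account)
        by_stem[stem(pw)].add(account)
    report = {}
    for account, pw in vault.items():
        problems = set()
        if len(by_password[pw]) > 1:        # same password on several accounts
            problems.add("not distinct")
        elif len(by_stem[stem(pw)]) > 1:    # shared base, different suffix
            problems.add("not independent")
        if stem(pw) in words:               # base is a dictionary word
            problems.add("not random")
        report[account] = sorted(problems)
    return report


def fresh_password(length=20):
    """Independent password drawn from the OS CSPRNG, one per account."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```
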

Another common mistake is to use a few different passwords without remembering which one is used where. When trying to log in, those people try every password they know until one of them works, without realizing they've just compromised them all: every one of them has now been submitted to that site.