Question: In the CTF lab experiment we exploited the fact that the user's password, in slightly modified form, is present on the index page of the site itself.

In the CTF lab experiment we exploited the fact that the user's password, in slightly modified form, is present on the index page of the site itself. A more acceptable practice would be to have a password without any correlation to the application content and/or your personality, so it would be hard to guess. Best practice tells us to have a completely random password comprised of 16+ characters from 3+ different character classes... All this advice is good, but there are still millions of passwords in the wild that don't withstand any reasonable criticism. You can check some of your favorite ones (assuming you re-use the same passwords on multiple resources, which is a bad practice in itself) at https://haveibeenpwned.com/Passwords.

Discuss how different password patterns contribute to their strength/weakness. Consider the most common password-breaking practices, including but not limited to dictionary attack (as in the CTF experiment), pure bruteforcing, and random generator hacking. Keep in mind that the vast majority of users still rely on memorization of their passwords, so they keep their passwords simple, logical, and reproducible. Think of a good social engineering trick that could help a hacker break such logical passwords.
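The question contrasts three ways a password fails: the brute-force search space implied by its length and character classes, a dictionary word hidden behind small mutations (the index-page case from the lab), and prior exposure in a breach corpus. The following Python is an added example, not part of the original question or its answer, that measures all three for a candidate password. The wordlist and the breached-hash set are constructed sample data standing in for a real dictionary and for haveibeenpwned; the `range_lookup` function is a local stand-in for the HIBP range API so the check runs offline while keeping its k-anonymity shape (only the first five hex characters of the SHA-1 are sent, and the match is decided on the client). The 16+ characters / 3+ classes policy is the one quoted in the question.

```python
"""Assess why a password is weak: brute-force search space, dictionary word
in disguise, and presence in a breach corpus (HIBP-style SHA-1 prefix check)."""
import hashlib
import math
import string
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Constructed sample wordlist. A real check would use a large dictionary plus
# site-specific words (the CTF's index-page word is exactly what belongs here).
SAMPLE_WORDLIST = {"password", "welcome", "admin", "dragon", "acme", "summer"}

# Constructed breach corpus: SHA-1 of a few known-weak passwords as uppercase
# hex, the same shape as the lines of a haveibeenpwned range response.
SAMPLE_BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "P@ssw0rd", "123456", "Welcome1", "Summer2020!")
}

# Common character substitutions that are undone before the dictionary lookup.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# The policy quoted in the question: 16+ characters drawn from 3+ classes.
MIN_LENGTH = 16
MIN_CLASSES = 3


@dataclass
class Assessment:
    length: int
    classes: Tuple[str, ...]
    alphabet_size: int
    bruteforce_bits: float          # log2 of the exhaustive search space
    dictionary_base: Optional[str]  # underlying word if the password mutates one
    breached: bool
    meets_policy: bool


def detect_classes(pw: str) -> Tuple[str, ...]:
    """Which character classes appear in the password, in a fixed order."""
    return tuple(name for name, chars in CHARACTER_CLASSES.items()
                 if any(c in chars for c in pw))


def search_space_bits(pw: str) -> Tuple[int, float]:
    """Alphabet an exhaustive attacker must assume given the classes present,
    and log2(alphabet ** length), i.e. the brute-force cost in bits."""
    alphabet = sum(len(CHARACTER_CLASSES[c]) for c in detect_classes(pw))
    bits = len(pw) * math.log2(alphabet) if alphabet else 0.0
    return alphabet, bits


def dictionary_base(pw: str) -> Optional[str]:
    """Strip leading/trailing digits and punctuation, lowercase, undo leet
    substitutions, and report the wordlist entry left over, if any."""
    core = pw.strip(string.digits + string.punctuation).lower().translate(LEET_MAP)
    return core if core in SAMPLE_WORDLIST else None


def range_lookup(prefix: str) -> Set[str]:
    """Local stand-in for the HIBP range API: given the first 5 hex characters
    of a SHA-1, return the suffixes of every breached hash sharing that prefix.
    Only the prefix ever leaves the client (k-anonymity)."""
    return {h[5:] for h in SAMPLE_BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(pw: str) -> bool:
    digest = hashlib.sha1(pw.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def assess(pw: str) -> Assessment:
    classes = detect_classes(pw)
    alphabet, bits = search_space_bits(pw)
    return Assessment(
        length=len(pw), classes=classes, alphabet_size=alphabet,
        bruteforce_bits=bits, dictionary_base=dictionary_base(pw),
        breached=is_breached(pw),
        meets_policy=len(pw) >= MIN_LENGTH and len(classes) >= MIN_CLASSES,
    )


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Summer2020!", "123456",
                      "correct-horse-battery-staple-42"):
        a = assess(candidate)
        print(f"{candidate!r}: {a.length} chars, classes={a.classes}, "
              f"search space ~2^{a.bruteforce_bits:.0f}, "
              f"dictionary base={a.dictionary_base}, breached={a.breached}, "
              f"meets 16+/3-class policy={a.meets_policy}")
```

The instructive case is `P@ssw0rd`: it uses all four character classes, so a class-counting meter credits it with roughly 2^52 of brute-force work, yet it reduces to the dictionary word `password` and is already in the breach set. That is the gap the question points at: length and class counts describe resistance to pure bruteforcing only, while memorable patterns (word plus substitutions, year, trailing punctuation) collapse under a dictionary attack with mutation rules, and a breach-corpus lookup catches reuse regardless of how the password looks.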
