In addition to the general risks of weak passwords, there are some specific risks of weak passwords to consider.
It takes resources to break in. If a password is easy to guess, or one might as well have no password at all. Then it makes sense that an attacker will invest less time and effort into trying to break in. This is a win for the attacker because they can put more effort and resources into finding a way to break in.
A weak password allows other problems to be uncovered.
A weak password can give an attacker access that would otherwise not have a grant. Thus, opening up more potential attack vectors. For example, a weak password can allow an attacker to access your bank accounts; via the email/password reset feature on your bank/insurance company website (if you’re using the same email address/password combo).
It also may allow an attacker to access your emails or social media accounts by using Google’s “Forgot my Password” feature; if you are using the same email/password combo (this is where hackers will try different common passwords with varying success rates).
The weak password also allows an attacker easier access to your computer or network, thereby allowing the attacker to install malicious software (malware) on your machine or gain access to other computers on your network. This can lead to ransomware attacks at home or on the company network, which will cost money and often result in data theft and data loss with little hope of recovery.
A weak password can be used against you.
Weak passwords increase the risk that account compromise occurs due to a security breach. This is particularly true for people who use their email/password combo for multiple accounts and websites, as there is more potential for leaked data from one website or online account breach to lead to further compromise of other accounts due to the common email/password combination.
If a person uses their primary email address and password combination for online banking and shopping sites. Then another email/password combination may be useful for social media sites.
If this second combination becomes compromised due to a data breach at a social media site; then, it may lead attackers back toward your primary email account(s). Thus, thereby making it easier for these attackers if you did not change your email address and password after discovering that the first combination was compromised (a very important step after any security breach). Also, weak passwords may be reusable.
It gives an attacker access.
A weak password can give an attacker access that would otherwise not be granted, opening up more potential attack vectors. For example, a weak password can allow an attacker to access your bank accounts via the email/password reset feature on your bank/insurance company website (if you’re using the same email address/password combo).
In summary, weak passwords can allow an attacker to access your computer, network, email, social media accounts, and bank accounts.