Comment Re:Am I imagining it? (Score 1) 230
Not really. You could still test all users against the top 100 passwords in a reasonable amount of time. After that, test if their mail accounts have the same password.
It won't get you all user passwords, but the low hanging fruit / naive / non-tech-savvy users are probably a better target anyway