Users have been choosing words or strings and even passwords based on things, names or numbers that has been arround them for a very long time. Human nature is to analytically or logically tie one thing with the other that they have come across in life. This includes [and is not limited to] birth date's, anniversary date's, room numbers, check or card numbers, phone numbers, pin numbers, parents or friends names, pets name and more names or numbers that is related to them. The other weakness that is more commonly being seen around lazy humans or users is that, they tend to keep default passwords that come along with the device. If the wireless access point comes with "admin"-"admin" for its user name and password respectively, a smart user would change the default username and password to something else, whereas a lazy user would let it be the default as it is easier for them to access when they try to sign in. What they forget is that, when it is easy for them (especially with the default settings), it becomes easy for the attackers as well.
Password guessing is a technique used by attackers to crack passwords. Attackers generally used a dictionary-based password guessing attack to take the easy way. Hybrid attacks have been more successful in most cases, as it is both faster and less complicated. In the worst case scenario, a bruteforce attack is used. It is both time consuming and complicated. Password guessing is very fast in cases where users have chosen to use default passwords. Dictionary-based attacks are much faster when users have chosen English text as passwords. In cases where users have used simple text and numbers such as "devine123", hybrid attacks come into play. In cases where users have more complicated passwords such as "John!Smith120", a bruteforce attack might be a choice of the attackers. This is not always the case and it varies on a case by case basis. Bruteforce attacks are faster than the other two types in some cases.