Most companies mismanage administrative passwords by keeping them in unsecured locations and not controlling access to them. 57% of companies store their administrative passwords manually, and 18% store them in an Excel spreadsheet; 82% of IT professionals store them mentally.
In my opinion, you can equate "store them mentally" with the administrator using the same password for multiple systems.
I really think that managing administrative, root or "power" passwords (a.k.a. identities) is truly lacking. Who is using one? For what? How is it audited? What did they actually type while they were a superuser? Who authorized that person to have that access?
I bet many companies can't answer those questions...