Recently, I added a new user, and then found out afterwards that they had mistakenly used the same ssh key in labs and production. Our L3 document clearly states that no one should do that, but mistakes happen.
I recall @ArielGlenn conducting an audit over a year ago (and finding quite a few back then and getting them fixed.) We're overdue for checking this again.