Not sure I'd call it a 'bad bad practice' for a user to do it voluntarily, but it's unnecessary.
I think the above commenter is thinking about the requirement a user to change a password on a timed basis. There's been a good bit of research done in this area, and the consensus is that it just causes most people to stick a number at the end of their password anyway, making the policy completely worthless at best, but it often leads to people writing their passwords down.
It’s not research, but I would point them at NIST 800-63. These are well thought out standards that the entire US government follows. It would be tough to find a more comprehensive or authoritative source that says otherwise.