I remember about 6, maybe 7 years ago - I had this extremely bright, gifted . . . she could be reading, talented Network Administrator / Developer who made the recommendation of using complex passwords for the organization and wrote this 4-page in-depth exposé as to why, with examples of how to come up with a complex password. At first I giggled, but the more I dived in, the more I realized how big this was and all that was riding on something as simple as a password.
This was an organization that had never had complicated passwords, and I'm sure a few of them were actually using the word "password" as their password. Needless to say, the change did not go over well: increased calls to the help desk were received, lockouts happened, and there were of course some exceptions that had to be made, but in the end she was right. The need for complex passwords IS critical to prevent good accounts from going bad.
Because so much of what we did internally has moved via the external portals, a complex password policy that enforced non-repeating words, min 8 characters, caps, lower case, alphanumeric - all of it - was going to be necessary if we wanted to secure our data and level of access. This discussion was almost 7 years ago . . . so I am always surprised when I see today how many of the social networking services DON'T require something more complex.
I have seen password management tools and was recently advised to start using one - I'm talking about web browser applications that make remembering unique complex passwords easier. But keep in mind - you are putting an awful lot out there sitting in a bunch of ones and zeros as opposed to that gray matter you call your brain.
- Mitto Password