I would say that the other thing, though, is that there are too many passwords, too many different passwords. How many systems does everyone in this room have that they log into just at work?
You can actually have a lot of those passwords synchronized, and then make it two-factor or add biometrics on top of that to create a stronger but more consistent password. That's actually a lot more effective. When you back it up with the ability to audit your users and look for behavioural issues that you might see on the network, it's a much stronger approach than everybody here having 15 passwords that they have to recycle all the time.