That's very true, but that can easily be extrapolated into "use a different password for work and your bank's website than you would use for the sites you don't really care about."

Also, people would figure that one out on their own pretty quick. They're good at determining the things that aren't *that* important from the things that are. But the overarching rule "a different password for every site" and the reason why is good enough.

And if your users complain like you just did, you can explain that. You can also explain that a good strategy would be to use a slightly *different* password for every site, but have a strong base password. For example, I use passwords that start with the same 10 random letters and numbers, but end with something related to the site. This ensures that my passwords are long enough and complex enough to not be cracked by brute force in any reasonable amount of time, while having something I can easily memorize for everything, and compartmentalizing things enough so that some stupid website that gets compromised doesn't affect my Starcraft account.