Getting users to use strong passwords or password managers is like pulling teeth, and security admins also have to deal with the other side of the problem: users who write their passwords down and store them insecurely, or who forget them and continually request resets.

How best to deal with password selection has been debated thoroughly in these forums. Chad Perrin insists on the need for strong, unique passwords, while other security researchers take the counter-intuitive stand that, since users often reject burdensome security advice, it will only weaken security, as in a report described by Michael Kassner.

This cartoon from xkcd really does a good job of illustrating the conundrum:

Debating password strength