Average Protection Rate of a Password

I am familiar with the password length formulae
M =(log S) / (log N) where S = (L*R) / P but has anybody read about “average” password protection rate for your average PC in an average environment. I have a note from a conference that 75 percent all passwords are good enough protection for what they are protecting if they are strongly constructed. The idea is to increase the ROI on authentication spending by focusing on the other 25 percent.
Can anyone help?