Passwords That Should Never Be Used
The Original Yama writes "Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses. PCLinuxOnline provides an alphanumerical list of list of commonly used weak passwords that should never be used. If any of these passwords look hauntingly familiar and are being used, you should change the password immediately."
Your users shouldn't require anything more than a 4 digit pin & a magnetic card. If it's enough to protect their money, it's surely enough to protect some stupid data.
Any lame brained security system that depends on people choosing difficult to remember passwords and changing them every 3-6 months is broken by design.