Second factor security using keyboard biometrics can help assist in eliminating the releveance of a weak vs. a strong password. It should not matter if the user's password was made up of 3 simple letters only, or a 10 character mix of letters, numbers, symbols and case. Like fingerprints, we all produce a unique keystroke when typing. If this second layer of security has been properly trained into the system, a set of unique patterns will be available for comparison against new entries. Only one individual should be able to duplicate the keystroke pattern with sufficient confidence that the system would authenticate. The simplicity or complexity of the password would not matter, which in turn alleviates a number of usability and password management issues.
The 500 Most Common Passwords
Whats My Pass recently listed the 500 Most Common Passwords from the 2005 book Perfect Passwords by Mark Burnett (note: some are offensive). The top 3 are 12345, password and 12345678. One interesting thing that caught our eye - the key difference between numbers 1 and 3 of course must be that those using number 3 work in "secure" organizations that require a strong 8 character password.