I think the greatest threat is not that passwords are too simple, but passwords are re-used. cuz then it doesn't matter how secure your system is, if some other mofo is hacked and the user has the same pwd in both places, then you'll be compromised.
hint hint when you give users freedom to use a simple password that is easy to remember, they're more likely to use unique passwords. But when they have to use a c0mPleX! password, it will be reused because people's brains are only big enough for one complex password.