As many others have posted, the problem with 'secure' passwords is often that users will start noting them down and keeping them on their screen or in the drawers of their desk.

I have had good results with instructing 'reluctant' users to select an item in the room (or something on a picture on the wall next to the desk) as their password hint. An elderly secretary very uncomfortable with their computer and very forgetful when it came to passwords finally did well when I recommended her to use the name of a bird on a poster (in German). I think this is still a lot better than either a random password noted on a Post-It or the name of your late pet or 'secret' lover.

But, of course, this is totally insecure in a high security environment. So, eventually, we have to conclude that there is a strong relation between security requirements and user capabilities (and enthusiasm/reluctance). It is a 'social engineering' matter after all, isn't it?

Kind regards

zapyon