This is what I have been saying for a dog's age. Security "professionals" have this all wrong because they neglect a very simple concept - NOT ALL ONLINE DATA IS EQUALLY IMPORTANT.
Frankly, I don't care if someone hacks my slashdot account. I don't care if someone hacks the account to the deals forum I visit. The worst that will happen is it will be a minor inconvenience to get the password reset, and they might post some troll information about me.
The only accounts that I have whose security I care about are my banking accounts, my Facebook account, and my email account. That is pretty much it. I don't even care about Twitter really.
By forcing all random accounts to have strong passwords, you make the password management problem a lot more difficult than it should be for the average user.
Furthermore, all of these random one-off sites should be using OpenID / Google Login / Twitter / Yahoo / Facebook Login / SOMETHING, some form of identity federation... preferably supporting multiple of these. There is no reason that a mom & pop shop website should be managing identity credentials in this day and age; it is not required. Everyone on the planet has an account with SOME ONE of these providers, or an OpenID provider.