This. But the problem, as I see it, is not with people designing poor passwords. The password authentication itself is the problem. One basic issue is that passwords, ostensibly, authenticate a person, but in practice they do not. It is the computer that gets the direct access, not a person, so we could as well be consistent and have a procedure designed to authenticate a person+computer pair. And that leads us to a much more secure way to authenticate: using strong encryption, either symmetric or asymmetric. Arguably, this is also easier on the human user! Instead of remembering hundreds of weak passwords, many of which are identical, one can simply outsource this whole thing to a piece of trusted, secure hardware. Let the computer generate and remember the public/private key pairs (asymmetric) and the shared secrets (symmetric), and use them automagically. Given a properly secured cyber-brain (a private, wearable computer with absolutely no remote control of any kind), stealing the keys remotely is impossible, even if they are kept unencrypted. The only practical way to get them is to steal the actual hardware, which is prohibitively expensive for most kinds of illegal activities.
The biggest benefit to the user, IMHO, is the simplicity of the security protocol. Keep your cyber-brain and its backups physically secure. End of story. Even the dumbest of people can do this much for their wallets today.
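The symmetric variant of the scheme the comment above sketches, as an added example that is not the commenter's code: a device object stands in for the "cyber-brain", generates a shared secret once, and from then on only ever answers challenges with an HMAC over them, so the secret itself never leaves the device. The class names (`HardwareToken`, `Verifier`), the one-time `enroll()` provisioning step over an assumed trusted channel, and the `login:<user>` context string are all assumptions made for the example; the nonce is single-use, so a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets


class HardwareToken:
    """Hypothetical stand-in for the post's 'cyber-brain' (example only).

    The secret is generated on the device and never returned after the
    one-time enrollment; all the outside world sees is a MAC over a challenge.
    """

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)  # 256-bit shared secret, held in-device
        self._enrolled = False

    def enroll(self) -> bytes:
        """One-time provisioning over an assumed trusted channel (e.g. in person)."""
        if self._enrolled:
            raise RuntimeError("secret already provisioned; it is not exported twice")
        self._enrolled = True
        return self._secret

    def respond(self, user: str, nonce: bytes) -> bytes:
        # Bind the response to the user and purpose so a MAC for one context
        # cannot be presented in another.
        return hmac.new(self._secret, b"login:" + user.encode() + nonce,
                        hashlib.sha256).digest()


class Verifier:
    """Hypothetical server side: stores one secret per user, issues fresh nonces."""

    def __init__(self) -> None:
        self._secrets: dict[str, bytes] = {}
        self._pending: dict[str, bytes] = {}

    def register(self, user: str, secret: bytes) -> None:
        self._secrets[user] = secret

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce  # one outstanding challenge per user
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # pop: each nonce is usable once
        secret = self._secrets.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, b"login:" + user.encode() + nonce,
                            hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak the expected MAC.
        return hmac.compare_digest(expected, response)


def authenticate(verifier: Verifier, user: str, token: HardwareToken) -> bool:
    """Full exchange: verifier issues a nonce, device answers, verifier checks."""
    nonce = verifier.challenge(user)
    return verifier.verify(user, token.respond(user, nonce))


def demo() -> dict[str, bool]:
    """Run the protocol against constructed participants and report each outcome."""
    verifier = Verifier()
    alice_token = HardwareToken()
    verifier.register("alice", alice_token.enroll())

    results = {}
    results["genuine_login"] = authenticate(verifier, "alice", alice_token)

    # Replay: capture one response and present it again after the nonce is spent.
    nonce = verifier.challenge("alice")
    captured = alice_token.respond("alice", nonce)
    results["first_use"] = verifier.verify("alice", captured)
    results["replay_rejected"] = not verifier.verify("alice", captured)

    # A different device, never enrolled for alice, cannot answer her challenge.
    stranger = HardwareToken()
    results["wrong_device_rejected"] = not authenticate(verifier, "alice", stranger)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The verifier still holds a copy of each shared secret, which is the usual argument for the asymmetric variant the comment also mentions: with a key pair the server keeps only a public key, so a server breach yields nothing usable for logging in elsewhere. The structure of the exchange (fresh nonce, device-side computation, constant-time check) stays the same in either case.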