It's a constant battle between those who manage IT and those who use IT. Security is paramount to any business (some more than others), and the greatest security risk to a business comes from the users of IT themselves, especially when it relates to passwords. It's amazing that we'll get calls about how to protect a business from the latest virus or spyware, but then executives use "password" as their password. Crazy.
It's not an uncommon gripe. People are too busy (euphemism for lazy) to remember a lot of passwords. So they use the same one for every site (personal and business). And it's usually something as easy as "password." Well we serve as the IT parent for a clients, so most users get a stern talking-to about that practice. Not that a lot of them listen to us, but we have to make an effort.
But there are solutions out there that we're starting to like. And there are processes that almost anyone can follow. Check out the article below for a good primer on this topic.