>But *everyone* needs to use secure passwords. At least for stuff they care to keep secure. It's not a complex concept, really.
Not a tricky concept, but a PITA in practice. Such is life! Some people advocate the use of password managers, though only last month The Reg reported of a security failure in a popular example of the breed.
Personally, I use the tiered approach, so might reuse the same password across low value sites (seldom-visited forums, for example) whereas email and banking sites get complicated (non-dictionary, UPPER lower case, !"£$, numbers, mixed up) passwords.