I've started working on what will be an article or presentation on password security.  Its debated whether passwords are an acceptable method for authentication.  Below are some of the problems, and workarounds, of password issues.

Problems with passwords:

1. Passwords are a form of security by obscurity
• Basically, we are relying on a secret to keep us secure
2. Even complex passwords are easy to crack if you have the hash
• Rainbowtables have made cracking complex passwords fast and easy
3. Password hashes can be sniffed off the wire, even in switched networks
• ARP cache poisoning and other MiTM attacks are easy to do
4. Users can't remember good passwords, especially when they are forced to change them often
• How many people can remember 7p(4ZR#u for more than a couple of minutes?

Password solutions:

1. Don't use them
• Use Biometrics, Tokens, Smart Cards instead
2. Adding extended-ascii characters to passwords can make a better password
• Most brute force and rainbowtable attacks can't handle Alt-(numpad0128-0159) characters
3. Encourage users to write down passwords, but keep them safe
• Keep them like money.  Put it in your wallet.  Don't tape it to your monitor or leave it on your desk.