Users should not be allowed to choose passwords. A 25-character-long, strongly randomized password should be generated for the user, so he's forced to use something like KeePassX.
Ridiculous. If I have 5 bitcoins in my account and want to use 'boobies' as my password, it should be my own right, my own problem, at my own risk!
Most security-minded people never bother to see how usable these measures are.
Don't you hate it when you always use a simple password for non-important logins, and then there's this silly site that demands that the password for you to log in and play Flash games must contain 2 numbers, 3 signs, and 1 Egyptian hieroglyph???