Ppfft....
I.T. folks can whine and moan about "poor passwords" all they like, but I've worked in this industry long enough to know that it's never going to really change.
The entire concept of providing some "difficult to guess, yet easy to remember" password is horribly flawed at the core.
All of the work-arounds for this are boneheaded "band-aid" fixes that cause more problems than they solve -- like demanding users change a password every 30 days. That just ensures people forget what they used, or get tired of the struggle and start using weaker, easier-to-remember passwords. After all, their priority is getting logged in to use the service or get to their data!
A small step forward is using a password manager like LastPass and only having to remember one "master" password to the service, which keeps the rest of them for you and auto-fills them as needed. But let's be honest. That's a great example of all your eggs in that one basket. If your password manager service gets taken down with a denial of service attack, or they go out of business, or ?? -- where does that leave you? Can you actually remember any of those passwords you let the thing randomly generate for you years earlier?
Two-factor authentication provides some real security, and it's a legitimate improvement on the status quo, but it also adds a lot of inconvenience for people. IMO, it's well worth it for SOME things, but certainly not for all websites or online services.
I think it's really time we get away from the idea of keying in passwords at all, and use another form of identification for computer logins. Facial recognition using a webcam or camera attached to a system has some promise, at least for your everyday use cases (message forums you need to sign in to post on, your Facebook account, etc.).
Sounds like a typical case of users using weak passwords (which most users tend to do) and hackers using common words to guess them. Amazing that with all the attempted hacking and identity theft and such going around, people still refuse to use complex passwords and security features. Especially celebrities.