The Aberdeen Group recently published a study that found that most organizations still rely primarily on passwords to protect their assets. The study also found within its sample that 64 percent of organizations do not even require users to change their passwords, 45 percent allow standard dictionary terms, like "password," and 29 percent of organizations have no requirements for password length.
Resource: SANs Institute (characteristics of a weak v. strong password)