
Second that. The nicest thing I've seen is at a large company, where you had to go through a very long and time-consuming bureaucratic process in order to obtain the password (companyname123, identical for everyone).


I once issued an order to our service desk that qwerty123 was no longer to be given to users as a "temporary" password. They (the users) always said they would change it, but they never did.

At another workplace, I took Bruce Schneier's advice about writing down passwords (i.e., not a bad idea, so long as you keep the note safe) and gave credit-card-sized, laminated cards to everyone with their unique and random password on it. Strict instructions to keep it in their wallet or purse. So these things turned up all over the place, stuck to desks, keyboards, and furniture next to desks. So much for that one. Unless people are getting fired for this kind of thing, they don't care.

I offered to crack my boss's email account to show how insecure our systems were, but he didn't act on it when I succeeded. But I did get the blame for hacking his email account a year after I left the company. Obviously, it was me (they reasoned) since "he's done it before!"



