Even though you might disagree that your users are important, and I agree that a lot of times they certainly don’t behave like they should be cared for, they represent the one link in your organisation you cannot control.
In IT security there is a very, very, very fine line between security and generating insecurity. A lot of admins seem to think “me first, users follow”. Actually, gentlemen, you are so wrong it’s not even funny anymore.
Your users are the variable that you need to be most careful with. The worst part is always passwords. I don’t know how many times I have seen and been told by users that they feel the multiple passwords and the weird complexity rules are just a burden that they have to deal with and that they need to find ways around.
Simply said, the one thing that IT admins ALWAYS fail at is communicating to the users with PRACTICAL examples, why certain things are done and how they can overcome certain things.
For example, if you implement password complexity, most modern systems allow you to use not just SINGLE passwords but pass phrases.
So, why not just tell your users to pick a favourite quote or a simple sentence with an exclamation mark at the end? You also get the additional nicety that you introduce an empty space, which makes password cracking even MORE difficult.
Try it. Users will have a completely different approach after that.