People are also going to keep thinking they're clever by using "fuck" as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
A better password algorithm will at least solve a part of the problem that's understood. Anyone who would choose to use SMS would, I suspect, have picked a good password in the first place. Can we do anything practical for people who can't remember passwords?
OpenID as a consumer somewhat helps with this problem, as people are more likely to use more complex passwords if they have to remember fewer passwords.
From a practical point of view, minus enforcing complexity rules, or at least showing a password strength indicator and encouraging strong passwords, there isn't much to do.
Respectfully,
Ryan Lane