- make them use a password generator
- setup some guidelines like how much the password has to be long, what characters have to be used, etc.
- check the integrity of existing passwords with a cracking program and alert users with a weak password.
Many applications, that need identification in order to be used, have a default password. Although this password may be easy to remember, you should change it as soon as possible. Lists of default passwords can be found all over the net and that's probably one of the first things an attacker is going to try using. The same thing applies for any situation when a password is assigned to you, login and change it, right away.
An example of a list of default passwords can be found here.
For much more information on passwords and other methods of authentication, I recommend reading the excellent Authentication: From Passwords to Public Keys by Richard Smith.
As it says on the Addison-Wesley book page:
"[This book] gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed."
And, to close this article, here are two interesting articles you might be interested in: