Kaspersky Labs shares an excellent commentary on why it's difficult to remember and manage Passwords, esp. in systems where password complexity is a a requirement.

JUL 28th Entry -- When your brain runs out of memory
http://www.viruslist.com/en/weblog?calendar=2006-07

QUOTE: Back in the Middle Ages, a password was exactly what it said: a simple word that could be used to gain access to a castle, a secret meeting or any other closed area. These days it’s less likely to be a word, but rather a string of characters like “hTfd4Xz”.

There are situations where passwords don't need to be very complex, since the user will be forced to wait a couple of seconds after each attempt (e.g. when logging on to a server), or because the system will block further attempts after a wrong password has been entered several times (e.g. ATMs). This means that simply trying all possible variants (a brute force attack) isn’t going to be very useful.

However, the story’s very different for encrypted data devices – if they fall into the wrong hands, an attacker can just plug them into his computer and try out all passwords without any limitations.