You know you could match it against a corpus and reject the password as being too weak. Right now it's just a graphic, but if you become proactive about it by education through a meme or something and reject passwords. Then maybe people will learn.

An astonishing number of those users love chain emails. It's certainly not an exclusive set, so why don't we use that? Make it "cool", or something.