Hard to argue against that.

> not silly password requirements

You don't think that password requirements help prevent breaches?

Try this: hook up a server to the internet that's open to ssh. If you look at the ssh login attempt logs, you'll notice that you constantly have people banging against it, trying to log in as root. Yes, password requirements are a small part of overall security, but they are very helpful.