We covered the sad state of affairs of passwords back in January. But this blog post from Symantec goes deeper into the issue. I realize it's a fairly small sample and also is likely weighted toward more experienced users, but that should actually prompt you to think about what the general population is doing.
No matter where you fit, be it end-user, employee, IT, attorney, etc., seeing how your peers approach passwords should give you an idea of the true level of security of your data; within and without the enterprise.
How do you measure up?