Over the past few years there has been a lot of discussion and research on the weaknesses of password use. Should passwords be changed on a periodic basis? What's the best compromise between complexity requirements and one's ability to memorize the password? Is single sign-on too risky? Are passwords even effective at all? The arguments, and the proponents and opponents of each, can be found everywhere.
Being the rational, level-headed guy I am, I like to look at each scenario from a risk-based perspective. You really have to consider the vulnerability and threat and pick a proper control to address the specific risk identified. In some cases you'll pick multiple controls to address multiple risks.