One thing is certain – letting users pick their own passwords is a major security risk.
As an administrator, you can test this simply by running John the Ripper over your passwords.
If John spits out passwords immediately in single mode, this is an indication that your passwords suck!
This is where password generating tools come into play.
APG is a simple tool for random password generation. I recommend at least 8 characters for effective passwords.
So here is an example of generating a random 8-character password:
apg -m8 -x8
This will deliver an 8-character password. The -m/-x parameters set the minimum/maximum number of characters.
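If you want to make a password pronounceable (thus easier to remember), select the pronounceable algorithm with -a0 (this is apg's default; -a1 selects purely random characters instead):
apg -a0 -m8 -x8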
User shell access
While checking your users' passwords, you might also consider checking whether any users have shell access they don't even need.
You can list all users that have some sort of shell access by grepping your passwd file:
grep -v /bin/false /etc/passwd
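Note: Some services use /usr/sbin/nologin, which has the same effect as /bin/false (no interactive login), so those accounts will still show up in the output of the command above.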
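
A slightly more thorough version of this check, as an added example that is not part of the original post: it reads the shell field of each passwd entry, skips both /bin/false and nologin variants, and treats an empty shell field as /bin/sh. The function names, the list of non-login shells and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list accounts that have a usable login shell.
# Usage: login_shell_users [passwd-file]   (default /etc/passwd, "-" reads stdin)
# Output: name <TAB> uid <TAB> shell
login_shell_users() {
    awk -F: '
        /^#/ || NF < 7 { next }                 # skip comments and malformed lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"  # passwd(5): empty field means /bin/sh
            # Assumed list of shells that refuse logins: any path ending in
            # "false" or "nologin" (/bin/false, /usr/sbin/nologin, /sbin/nologin)
            if (shell ~ /\/(false|nologin)$/) next
            printf "%s\t%s\t%s\n", $1, $3, shell
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample entries (not taken from a real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/false
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:x:1001:1001::/home/legacy:
EOF
}

# Demo on the sample data; run "login_shell_users" with no argument
# to audit the local /etc/passwd instead.
sample_passwd | login_shell_users -
```

Service accounts such as "backup" in the sample, which still carry a real shell, are the ones worth reviewing first.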