Talk to your users. Write a two-page handout describing good password security practices and provide it to new users. Explain the concept of "strong" passwords. Make sure that they understand the ways in which passwords can be compromised and the risks involved it that happens. Encourage the use of SSH or similar communications software. Also encourage them to report people who stand around watching them during login. Always remember that you get a lot more mileage out of working with them.