Rational to Use Poor Passwords?

So claims a Microsoft research paper:

It’s hard to blame users for not being interested in SSL and certificates when (as far as we can determine) 100% of all certificate errors seen by users are false positives.

The premise of the paper is that using strong passwords, checking that URLs are not phoney, and reading SSL certificate warnings cost the average user far more in time than what they are, on average, likely to lose. Furthermore, most password attacks are through phishing and key logging, in which strong passwords provide no protection.

Interesting throughout.