by Tomdarkness 4600 days ago
Quick and simple solution. If you are only using key-based logins then just disable password SSH logins, add:

  ChallengeResponseAuthentication no
  PasswordAuthentication no
  UsePAM no
to your sshd config and then you don't need to worry as much about if one of your accounts has a password of 1234.
1 comments

If any of your accounts get compromised, a simple su to the account with a weak password will give them everything. It's a big improvement, but the weak password is still a vulnerability.
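
An added example, not part of either comment: a shell check that reads the three directives from the post out of an sshd_config the way sshd does (first value wins, settings after a Match line are conditional) and, for the reply's point, lists which accounts in shadow-format data still have a password that su would accept. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Print the effective global value of an sshd_config keyword read from stdin.
# sshd uses the FIRST value it sees for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
# $2 is the fallback printed when the keyword is not set globally.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {
    awk -v key="$1" -v dflt="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }'
}

# Return 0 only if the three settings from the post are all explicitly "no".
# An unset keyword counts as a failure so the config never relies on defaults.
password_logins_disabled() {
    cfg=$1
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        [ "$(printf '%s\n' "$cfg" | sshd_effective "$kw" unset)" = no ] || return 1
    done
}

# List accounts in shadow(5)-format text on stdin whose password still works
# for su: field 2 is a hash, or empty (no password required at all).
# Entries starting with "!" or "*" are locked and skipped.
su_reachable_accounts() {
    awk -F: '$2 !~ /^[!*]/ { print $1 }'
}

SAMPLE_CFG='# constructed sample sshd_config
Port 22
passwordauthentication no
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes'

SAMPLE_SHADOW='root:!:19000:0:99999:7:::
deploy:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
test:$6$CONSTRUCTED$notarealhash2:19000:0:99999:7:::'

password_logins_disabled "$SAMPLE_CFG" && echo "sshd: password logins disabled"
echo "accounts whose password still works for su:"
printf '%s\n' "$SAMPLE_SHADOW" | su_reachable_accounts
```

On a real host the same functions can be fed `/etc/ssh/sshd_config` and, as root, `/etc/shadow`; the accounts it lists are the ones to lock or give strong passwords.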