WashTech: The real threat to password security

The Washington Post has an article on the real threats to password security.
People stealing the password database
People writing their password down
Keystroke loggers
social engineers
password reset websites
The writer argues that traditional password policy makes the problem worse instead of better.