Is it that really that hard for users?
You can use a password vault like lastpass to store a different password for every site you use. It can generate them for you containing a mix of lower and upper case, numbers, special characters. You can use it on any device. You then protect this with two factor authentication. Preferably with something like duo that provides out of band push notifications to your phone and even better use this with Touch ID if your phone has it.