Reminds me of that time...
a guy took an iPad around the building saying that the IT security team were concerned about password strength, and had sent him round with an app to check it. The script went along the lines of
"they can't check their files, as the passwords are all stored in an encrypted form. Don't worry, you don't have to tell me the password - we'd never ask anyone to tell us their password. All you have to do is type it into the app and tell me the score you get out of 100 for password strength. I'll write the score down next to your username."
I understand they got over 80% of the passwords.