Reply to post: Re: Password complexity


Re: Password complexity

The NSA used to recommend writing passwords down on paper and keeping them in your wallet for this very reason.

Password complexity didn't help with Conficker; turning on your firewall did. Most of the impact of Conficker was actually where it locked out accounts while trying to guess passwords - this implied a lack of success in cracking those simple passwords, since it wouldn't have locked them had it been right.

Patching was also useful, as well as an up-to-date AV that wasn't McAfee-based. Sadly, most IT people have an unexplained fear of configuring the Windows firewall, and treat patches with suspicion. Some of them were also duped into installing McAfee virus software believing it to be antivirus - these were the heaviest hit.

The only way to clear Conficker successfully was turning off the switches and offline patching and scanning the endpoints. Most companies I saw ignored this advice and spent a week chasing tails before accepting that the hard way would be quicker.

