I have been in the back of several bank branches and can tell you their passwords are generally not that great, they put their passwords on sticky notes on the screen in case someone else needs to use the computers.
A business will say that they want security, but they will do little to help the staff deliver on it, then that forces staff into situations where they are doing wrong just to make it through the day.
I use basic throw-away passwords on many things, but it irks me how I can go to a site that will ask for a password and I will put in a 22 digit password that it rejects (8 digits are "words") due to not being secure enough, yet "FekY0u" will get a huge green tick and say "Thanks! for picking a secure password"
Perhaps the truth here is all a bit more logical.
They are finding that the rainbow tables are too big to store on a single USB stick that can be left on a train, so they are trying to get users to stop that from growing.