• Blank passwords are horrible and based on the "we cannot comment on Yukon" from MS people, this is being addressed. Soon we should have expirations and possibly lockouts.

    We use the same pwd for all SQL Servers but it changes every 30 days. Not sure if this is better than different pwd for all machines and having them longer. We also use PasswordSafe (www.counterpane.com) to store our passwords so they are available to everyone.

    A note on biometrics. A number of people have found flaws in here. You only have ten fingers, accidents occur, and it's a digital representation of your finger, not your finger. If it becomes compromised, what do you do? How do you resolve this? It's likely a much bigger issue than a secure validation. Also, the fingerprint readers have been fooled: a glass with your fingerprints, a little jelly, and you can lift and reproduce the print.

    Steve Jones

    sjones@sqlservercentral.com

    http://www.sqlservercentral.com/columnists/sjones

    http://www.dkranch.net