The publishing of the attached xkcd comic kicked new life into the debate about password security. Security experts and non-experts have debated the math, the strength, and the purpose of creating passwords. Password generators and keepers, like LastPass and 1Password are ideal, though, I think, unrealistic to expect from all students in a K-12 setting.
The most likely security danger with school accounts is not an elite hacker running attacks against your Active Directory server.
The real, day-to-day security risks are the humans. It is a 13-year-old writing her password on a sticky note so she remembers the password she created to meet the school's complex password requirements. It's the person in the business office with the password taped to his monitor because he can't remember if his password had a # or %.
If we can trust in the core math of the argument in the comic, we can leave the debate over entropy to the mathematicians. We know the habits of the students and employees at our schools, so let's focus our efforts on the security threats we see every day and can prevent and update our policies to meet those threats.