Here's a new concept that will help reduce locked accounts for corporate users permanently:
It's called "close enough technology". When typing in your password to log into a machine, how many of you fat-finger it, and how often? Do this a few times in a workplace, and you may need someone to reset it. Add in several thousand employees, and you now have a full-time position resetting passwords.
But honestly, how many of you want to be the password Nazi, if the users DO know their passwords--they just can't type in the mornings without coffee?
Close enough technology allows the platform (Linux, Windows, OS X, etc.) to "understand" your password even when you mistype it, matching it within a few characters (configurable globally or at group level) and still letting you in.
Here's how it would work:
1) Type in your username, which obviously will have to match, because you can actually SEE it onscreen.
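
An added sketch, not from the original post, of how a server that stores only salted password hashes could accept near-misses: it cannot measure distance to the stored password, so it re-hashes a bounded list of repairs of what was typed. The function names, PBKDF2 parameters, repair set and sample password are assumptions; `distance_one_count` shows how many hashes a full one-character tolerance would take per login.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 20_000  # assumed work factor, kept low so the sample runs quickly

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def typo_candidates(typed: str) -> list[str]:
    """The typed string plus repairs for common slips, de-duplicated, exact match first."""
    out = [typed, typed.swapcase()]                      # Caps Lock left on
    if typed:
        out.append(typed[0].swapcase() + typed[1:])      # Shift slipped on the first key
    for i in range(len(typed)):
        out.append(typed[:i] + typed[i + 1:])            # one extra key pressed
    for i in range(len(typed) - 1):                      # two neighbouring keys swapped
        out.append(typed[:i] + typed[i + 1] + typed[i] + typed[i + 2:])
    return list(dict.fromkeys(out))

def close_enough_login(typed: str, salt: bytes, stored: bytes, max_candidates: int = 32) -> bool:
    """Accept if any candidate hashes to the stored value; max_candidates is the policy knob."""
    ok = False
    for candidate in typo_candidates(typed)[:max_candidates]:
        # No early exit, so timing does not reveal which repair matched.
        ok |= hmac.compare_digest(hash_password(candidate, salt), stored)
    return ok

def distance_one_count(length: int, alphabet: int = 95) -> int:
    """Upper bound on strings within one delete/substitute/insert of a typed string."""
    return 1 + length + length * (alphabet - 1) + (length + 1) * alphabet

# Constructed sample account, not taken from the post.
SALT = os.urandom(16)
STORED = hash_password("Coffee!2024", SALT)

if __name__ == "__main__":
    for attempt in ["Coffee!2024", "cOFFEE!2024", "Coffee!20244", "Cofefe!2024", "Tea!2024"]:
        print(attempt, close_enough_login(attempt, SALT, STORED))
    print("hashes for full distance-1 on 11 chars:", distance_one_count(11))
```

Every accepted repair also widens what a single wrong guess can match, so the candidate cap has to be weighed together with the lockout threshold.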