Password security
The VC allows for insecure passwords
See
Passphrase FAQ
Possible remedies
Require longer, more varied passphrases
Couple passphrase checking with public key authentication
