Here’s a blatantly stupid piece of advice: “Set a Blank Password in Windows XP to Protect the Computer from Internet Attacks”.

The reasoning goes like this: Windows doesn’t allow accounts without a password to log in remotely. Ergo, no password is better than a weak password because the account can’t be used to log in remotely. Hey, Microsoft recommends it!

Okay, the level of idiocy here qualifies as Epic Fail. First of all, this statement is untrue: “You have to be physically in front of the computer in order to get in.”

No, you don’t. You just need to get someone who is physically at the computer to open some file that will execute as another user (by, say, sending them a Word document with an embedded macro that will attempt to run as Administrator, with no password). This is a pretty trivial social engineering attack; millions of people fall for similar tricks all the time. Drop a USB key with an autorun macro that will run as Administrator, and someone will pick it up and stick it in their machine. Free USB stick!
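If you want to know whether a machine is actually exposed to this, the thing to check is twofold: which enabled local accounts are flagged as not requiring a password, and whether the policy behind the “can’t log in remotely” claim (“Accounts: Limit local account use of blank passwords to console logon only”, registry value `LimitBlankPasswordUse`) is in force. The following PowerShell audit is an added example, not code from the original post; it assumes an elevated session on the machine being audited, and it treats the `PasswordRequired` account flag as an indicator that the password may be blank, not as proof.

```powershell
# Added example (not from the original post): audit a Windows machine for
# local accounts flagged as not requiring a password, and report whether the
# "Limit local account use of blank passwords to console logon only" policy
# (registry value LimitBlankPasswordUse under HKLM\...\Control\Lsa) is in force.
# Assumption: run in an elevated PowerShell session on the machine being audited.

$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
$limit = $lsa.LimitBlankPasswordUse
if ($null -eq $limit) {
    # Value absent: the policy defaults to enabled on Windows XP and later.
    $limit = 1
}

# Win32_UserAccount exposes the "password not required" account flag.
# PasswordRequired = $false is an indicator, not proof, that the password is blank.
$suspects = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = True" |
    Where-Object { $_.PasswordRequired -eq $false -and $_.Disabled -eq $false }

"LimitBlankPasswordUse = $limit  (1 = blank passwords usable only at the console; 0 = usable over the network too)"
if ($suspects) {
    "Enabled local accounts flagged as not requiring a password:"
    $suspects | Select-Object Name, SID, Status, Lockout
} else {
    "No enabled local accounts are flagged as not requiring a password."
}
```

The point the output makes concrete is the one above: `LimitBlankPasswordUse = 1` only governs logons that arrive over the network. It says nothing about code that is already running on the box and tries to act as one of the listed accounts, so a non-empty suspects list is a finding regardless of what the policy value is.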

I could go on, but I’m too busy pounding my head against my desk.
