It is the developers responsibility to prevent users from choosing easy passsword. The complexity checker has a small list of passwords that were published on CNN. These are the first things that a brute force attack will try and use. The weakest password is
the easiest entry point into a system.
Developers should also show users what a good password looks like. Even if the user does not use the recommended password- most of the time he will add some complexity of his own based on the recommendations.