I find his advice to be spot on and I see proof of it every day. People still use 'Password1' as the key to their AES-256 bit encrypted file system.

You don't have to be a mathematician to attack AES-256, you just need to know humans and do some password analysis.