Wow. Yup, passwords are passwords. Going ahead and sharing how long it took to crack it seems acceptable. Just means the individual needs to add some variety to characters. Sounds like a power tripper.
Our company has a 90 day expire and complexity requirement. I lost count of the times people have locked themselves out or forgotten their new password. The IT response is to reset the password to "password", leaving the account vulnerable until the user gets around to logging back in, forcing a reset to yet another forgettable password.