[stomachmonkey]

Bunch of years back my CEO, President and Co Chairman were resisting the need to have a PW policy.

So one morning I decided to play hacker for the day, let's see how many mailboxes I could get into.

I gave myself 3 simple criteria to try, default password, initials, b-day and a 4th which was if I knew something personal about them like the name of their sailboat, the tail number of their plane, pets name.

I got into more than 50% of the accounts that I tried, we are talking well over 100 accounts accessed.

I did not get into the Presidents but it really did not matter since I got in to 80% of the Sr Management/Executive accounts. We sent most of our mail to each other so almost all of his was exposed anyway.

Email security is a PIA but it's necessary. It'll never be 100% secure but you need to do whatever you can to try.