Quote:
Originally Posted by Head416
People need to understand that when they set the bar too high for the user (complexity, frequency of change, lack of uniformity across systems) they reduce security because the passwords end up on a post-it note on the monitor.
|
Even worse...
I deal with sensitive material for the government. We have devices that hold encryption keys. These devices hold up to thousands of keys that are what protect our networks (radio, voice, computer networks, etc.). When I was in Iraq, it was very, very common to find one of these devices, remove the battery from the back and see a big sticky note with the password right on there. This falls into enemy hands...goodbye secure communications. Worst one I ever saw had the sticky note between battery/device and also had a listing of all the keys and what they were used for on a label running down the side of the device. Sometimes, the stupidity of humans truly astounds me.