The more paranoid the network admins (or security council, or board, or whoever sets the rules) the more obscure the passwords must be, and the more often the need to be changed. What these people fail to realize is the average human worker just wants to do their job, and can't remember Syz8#K3! as a password. So what do they do.... Out comes the post-it-note on the desk, or in the drawer, or under the keyboard, or the file on the desktop called “passwords.txt“... if your password is so hard to remember that you have to write it down, then you have no security at all.
Saturday, May 23, 2009