Quote:
Originally Posted by Worldwalker
There are people who write their strong passwords on stickynotes and attach them under their keyboards or, worse yet, on the sides of their monitors. People, in one case I knew personally, in the accounting departments of very large corporations. Protecting yourself from a dictionary attack doesn't do a whole lot of good if any random person can just walk up to your desk and read your password.
That problem relates to IT departments mandating 90-day changes of passwords with no repeats for the last 10 passwords and a mandate of 90% change for the new password as compared to the last 10 used, as well as mixed numbers, letters and punctuation.
Shockingly, such draconian, user-unfriendly policies result in rampant security violations as users put passwords on sticky notes, in their wallets, on their PDAs/phones, etc. Sure, some people (this is especially bad in accounting and financial departments) will put passwords on sticky notes attached to their monitor no matter what you do. But by making it so unfriendly, many more users are forced to take such action just to be able to do their job. Not everyone can create passwords that fit IT criteria of a good password and commit them to memory every 3 months, especially without reuse. If you really need such security, use an skey token with generated passwords every 30 seconds or so (something you have + something you know security).
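To make the policy the reply describes concrete, here is an added example (not code from either poster) of what a "no repeats for the last 10, at least 90% changed" check looks like when implemented. It assumes the change request carries the current password in plaintext (as a normal change dialog does), so the "90% changed" test is a Levenshtein distance against the current password only, while the history is kept as salted hashes and can only answer "seen before or not". The hashing parameters and the sample passwords are constructed for the demo.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 10          # "no repeats for the last 10 passwords"
MIN_CHANGE_FRACTION = 0.9   # "90% change" relative to the current password


def hash_password(password: str, salt: bytes) -> bytes:
    # Constructed parameters for the demo; a production system would use a
    # dedicated password hash (argon2/bcrypt/scrypt) from a vetted library.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete ca
                           cur[j - 1] + 1,           # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute / match
        prev = cur
    return prev[-1]


def change_fraction(old: str, new: str) -> float:
    """Fraction of the longer string that had to change to turn old into new."""
    longest = max(len(old), len(new))
    if longest == 0:
        return 0.0
    return levenshtein(old, new) / longest


class PasswordHistory:
    """Stores only (salt, hash) pairs, most recent last, bounded to `depth`."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.depth = depth
        self.entries = []

    def seen_before(self, candidate: str) -> bool:
        for salt, digest in self.entries:
            # Constant-time compare so timing does not leak a partial match.
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                return True
        return False

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, hash_password(password, salt)))
        del self.entries[:-self.depth]   # drop anything older than the last `depth`


def check_change(history: PasswordHistory, current: str, new: str):
    """Return (accepted, reason) for a proposed change from `current` to `new`."""
    if history.seen_before(new):
        return False, "reuses one of the last %d passwords" % history.depth
    frac = change_fraction(current, new)
    if frac < MIN_CHANGE_FRACTION:
        return False, "only %.0f%% changed versus the current password; %.0f%% required" % (
            frac * 100, MIN_CHANGE_FRACTION * 100)
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample: a user rotating a seasonal password.
    hist = PasswordHistory()
    hist.record("Winter2023!")
    print(check_change(hist, "Winter2023!", "Winter2024!"))   # rejected: ~9% changed
    print(check_change(hist, "Winter2023!", "Winter2023!"))   # rejected: in history
    print(check_change(hist, "Winter2023!", "xq7Lm#pR2vT9"))  # accepted
```

The similarity test can only be applied against the password the user just typed, which is why the history holds hashes rather than plaintext: a history that had to support "90% different from all of the last 10" would have to keep those ten in recoverable form, which is a worse exposure than the sticky note.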