[Discuss] A Little OT: The Password Post-It
Richard Pieri
richard.pieri at gmail.com
Wed Apr 18 13:18:16 EDT 2012
On 4/18/2012 12:29 PM, Chris O'Connell wrote:
> I guess what I'm looking for is a non-technical solution or idea of how to
> keep users from having to write the passwords on postits.
Password policies are stupid.
What needs to happen is that these folks need to be made to understand
the nature of the threats involved and why protecting information is
important. Once they understand that it is a short step for them to
ask, "what can I do about it?" That's when things start to stick
because it isn't a policy being put in the way of their work but their
own actions protecting their work. Having a vested interest in good
security practices means they'll be more likely to remember their
passwords instead of needing to write them down. Just as importantly,
when they are part of the security process like this they are less
likely to be exploited socially.
--
Rich P.
More information about the Discuss
mailing list