Often the weakest point in information security lies between the seat and the keyboard.
My son, who has a B.S. in Information Systems and is in the midst of testing for various certifications, was horrified when he learned that my response to having to update my password at work every 2 months was to write my password on a post-it and stick it to my monitor.
Perfectly reasonable as the likely threat is from some hacker in Belarus not your secretary sneaking in.
This is much more common than you might think. We had people that would just increment the last digit of their password by 1. This went on for years until the security team changed the rules for passwords.
Bruce Schneier, who I'm sure your son is familiar with as an info security guru, has long recommended writing down long, complex passwords. You might want to consider a more secure location for the paper like your wallet, though. A newer, highly secure system is password manager software. There are several good ones out there that can help you maintain many complex passwords across multiple accounts and devices.
He (and the NIST organization) also advocates against the password rotation system, which leads to lower quality passwords so that they can be remembered.
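The "increment the last digit" habit from the earlier comment is exactly the kind of low-quality rotation the Schneier/NIST argument is about. As an added example (not code from anyone in this thread), here is a password-change check that a service could run at the moment a user supplies both the old and new password, flagging the shortcuts rotation policies tend to produce: a bumped trailing number, a number appended to the same stem, a case-only change, or a character or two tacked on the end. The sample old/new pairs at the bottom are constructed for illustration.

```python
import re

# Splits "Summer23" into stem "Summer" and trailing number "23".
TRAILING_NUMBER = re.compile(r"^(.*?)(\d+)$")


def split_trailing_number(password):
    """Return (stem, digits) for a password ending in digits, else (password, None)."""
    m = TRAILING_NUMBER.match(password)
    if not m:
        return password, None
    return m.group(1), m.group(2)


def is_incremented_rotation(old, new):
    """True when `new` is `old` with its trailing number bumped by one
    (Summer23 -> Summer24, Summer9 -> Summer10) or with a number newly
    appended to an unchanged stem (Summer -> Summer1)."""
    old_stem, old_num = split_trailing_number(old)
    new_stem, new_num = split_trailing_number(new)
    if new_num is None:
        return False
    if old_num is None:
        return old_stem == new_stem
    return old_stem == new_stem and int(new_num) == int(old_num) + 1


def is_trivial_rotation(old, new):
    """Return True if the new password is only a cosmetic change of the old one."""
    if new.lower() == old.lower():
        return True  # case-only change
    if is_incremented_rotation(old, new):
        return True  # trailing number bumped or appended
    if new.startswith(old) and len(new) - len(old) <= 2:
        return True  # old password with one or two characters appended
    return False


def audit_changes(pairs):
    """Given (old, new) pairs, return the ones a rotation policy should reject."""
    return [(old, new) for old, new in pairs if is_trivial_rotation(old, new)]


# Constructed sample password changes (hypothetical, for illustration only).
SAMPLE_CHANGES = [
    ("Summer23", "Summer24"),
    ("Summer9", "Summer10"),
    ("Summer", "Summer1"),
    ("Summer23", "summer23"),
    ("Summer23", "Summer23!"),
    ("Summer23", "correct horse battery staple"),
    ("Summer23", "Winter23"),
]

if __name__ == "__main__":
    for old, new in audit_changes(SAMPLE_CHANGES):
        print(f"rejected: {old!r} -> {new!r}")
```

The check only works at change time, when the user has just typed both passwords; stored hashes cannot be compared this way. That is the same window in which tools such as pam_pwquality apply their old-versus-new similarity rules, and the point of the thread stands: if a policy forces frequent rotation, users will find the cheapest change that passes, so the policy is better dropped than patched.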
Eh...true, but not the problem.
Sorry, but the user was absolutely the problem in the picture. No security practice can stop that kinda stupid (publicly posting your SSN).
About fixing users, Bruce Schneier also says this:
https://ieeexplore.ieee.org/document/7676198
Having trouble reconciling:
1) Create passwords you can't remember, and store them all in one electronic cache (because you can't remember them)
2) Anything connected to the internet can be hacked, eventually
wait a sec.... so art has been tax evasion this whole time