[Discuss] A Little OT: The Password Post-It

Richard Pieri richard.pieri at gmail.com
Wed Apr 18 13:18:16 EDT 2012


On 4/18/2012 12:29 PM, Chris O'Connell wrote:
> I guess what I'm looking for is a non-technical solution or idea of how to
> keep users from having to write the passwords on Post-its.

Password policies are stupid.

What needs to happen is that these folks need to be made to understand 
the nature of the threats involved and why protecting information is 
important.  Once they understand that, it is a short step for them to 
ask, "what can I do about it?"  That's when things start to stick 
because it isn't a policy being put in the way of their work but their 
own actions protecting their work.  Having a vested interest in good 
security practices means they'll be more likely to remember their 
passwords instead of needing to write them down.  Just as importantly, 
when they are part of the security process like this they are less 
likely to be exploited socially.

-- 
Rich P.


