You can't secure what you don't acknowledge.℠

Tuesday, November 8, 2011

One of my pet peeves: relying on users to wipe out wimpy passwords

You cannot - and should never - rely on your users for complete security...yet they're often the first or last line of defense - sometimes both.

I wrote about this a while back, but it's a problem that's still rampant in IT, so I had to bring it up again. It's probably my biggest pet peeve with security. Simply telling users that they need to select strong passwords on their computer systems and leaving it up to them to do the right thing is delusional.

I do believe that most people want to do the right thing...that said, people are going to take the path of least resistance if they're presented with it. Set them up for success instead and take that power away when you can.
