Come the revolution...

My sanity is being questioned for the second time in less than a week. In this instance it’s because I have stated my opinion that it’s OK for company employees to write down their passwords. There are conditions attached to that statement: use common sense and don’t keep the note anywhere close to your computer.

People write them down anyway, and a policy banning the practice is unenforceable. Given the number of passwords and the complexity that we enforce, expecting everybody to be able to remember all their passwords is completely unrealistic.

What we need instead are pointed security awareness messages that give sound advice about managing passwords. By all means make dictatorial edicts, but history tells us that many dictators get their comeuppance come the revolution…