You realize the password problem is getting out of hand. We are requiring (or asking/begging) people to
- use separate passwords for everything,
- make the passwords longer,
- use symbols, numbers, upper case, etc., and
- change their passwords more often.
There are articles like "How to Create a Good Password that You Will Never Forget" or the following video by Google:
The ideas on these two sites are fine when you think of creating a single password. But what about the dozens/hundreds we all have between work/school/home? Because we are making it harder, many will choose to take the simplest route possible when they have to change a password. They will write them down or keep using the same one over and over across different sites.
I don’t think this is getting better and I don’t think IT is helping. We have no answer.
Is your organization doing anything interesting to help with this problem? Are you using any of the password vault tools available? Any other methods? I’d like to hear your thoughts on what we should do and how to effectively solve it at an organizational level.
Related, I was accessing a company site recently and the site brought up an ugly security warning telling me I needed to accept something. IT should never allow that to happen because it trains those who encounter it to just say yes or accept or install without a clue about what it means. Just like we all seem to agree to license terms on new software installs without even pausing to read the agreement.