![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Today's User Friendly strip makes a security point I've commented on myself many a time: If you make your password policy demanding enough, you can force all of your users to write their passwords down, and the odds are at least some of them will leave their password notes where they can be seen and/or found by someone who shouldn't have them. At which point your carefully crafted password policy, proof against any but the most massive distributed brute-force attack, becomes vulnerable to the pizza boy who happens to glance at the receptionist's desk while chatting her up on his way through the front lobby.
Tags:
no subject