Showing posts from August, 2011

Passwords - yeah those again

So a number of people I know professionally and personally have been sending around the XKCD password comic and chuckling about how silly the security people are that think people should have to remember complex passwords. Here is the comic: http://xkcd.com/936/

Okay - now comics aside, if you want to approach this problem like most enterprises have had to, you need to know a few key things about your environment:

1 - What types of passwords do your key applications support? (Unless your environment is one of the rare ones that require that a central authentication system is used, each application presents new and potentially unique authentication challenges.) Check to see if your applications support SSO or centralized authentication (LDAP, Windows Domain, etc.), and check to see what type of complexity the application supports (does the application allow you to use only letters? Does it allow you to use mixed case? Does it support numbers or special characters?).

2 - Two factors ar