tremor77 wrote: I do find in my workplace, as we strictly enforce a secure password policy.. 9/10 users have their password written down, many in plain sight.. because.. the average user is blatantly lazy. Yellow sticky note on the monitor. My boss.. feels he is clever, his is under the keyboard.
I feel your pain on this one. We have a similar setup in my workplace. Passwords must be of length 8+ with variations of alpha-numeric and punctuation characters.
But, as you so aptly put it, the average user is blatantly lazy, and so rather than memorise passwords that are harder to remember than 'my dog's name and my year of birth added to the end', those unaware of the necessity of password security have taken it upon themselves to pool their passwords (just in case personX is off is the logic...apparently) in a discreetly hidden notepad... a copy of which resides on each person's desk, and often finds its way into their bags / other carrying medium at the end of the day.
Bearing in mind that we use 'forename.surname' as our userid syntax and each standard user has the ability to charge transactions to the company account and most PCs have RDP enabled.
Sorry to take this a little off-topic, but my point here being, that no amount of password strength, password or passphrase will matter when this kind of thing happens.