[Cryptography] Security Fatigue

Jerry Leichter leichter at lrw.com
Sun Oct 9 17:17:09 EDT 2016


The only thing remarkable here is that anyone thought it remarkable enough to publish.

You could find all the examples you need years ago at any organization that enforces a quarterly password change policy.

Personally, I long ago decided that when faced with a poorly designed security system  it's important to understand first who is really being protected.  If it really is *me*, and I have no alternative but to use the system ... I'll work hard to keep things safe regardless.  If the real victim of a security issue will be the organization that is enforcing the stupid policies ... I'm perfectly happy to game the system to make using it tolerable.
                                                        -- Jerry



More information about the cryptography mailing list