[Cryptography] Security Fatigue
Jerry Leichter
leichter at lrw.com
Sun Oct 9 17:17:09 EDT 2016
The only thing remarkable here is that anyone thought it remarkable enough to publish.
You could find all the examples you need years ago at any organization that enforces a quarterly password change policy.
Personally, I long ago decided that when faced with a poorly designed security system it's important to understand first who is really being protected. If it really is *me*, and I have no alternative but to use the system ... I'll work hard to keep things safe regardless. If the real victim of a security issue will be the organization that is enforcing the stupid policies ... I'm perfectly happy to game the system to make using it tolerable.
-- Jerry
More information about the cryptography
mailing list