Everyone appears to be talking about passwords at the moment. There’s a great illustration of why the human element of security is of major importance on an old blog entry of Simon’s (incidentally, ten minutes’ googling helped me find this when I had no idea anymore of where I’d seen it — now that’s the point of searchable information sources!). There are some interesting techniques put forward, first by Eric Meyer and then also by Matt Haughey. I have a similar tiering scheme for passwords — things that require similar security levels will have variants of the same password. Arguably I don’t change these enough and only have properly weird passwords (constructed using a technique similar to Matt’s) for things like root passwords for my machines or websites. Still, it’s good that this kind of advice is percolating.

Personally I think that password management is something that should be taught to everyone who ever has to use a computer — before they’re allowed to own one even. Which, admittedly, is right up there with my belief that effectiveness in an average company would go way up if everyone was sent on a) a speed-reading course and b) a typing course as a first step. Most people think faster than they can read or type — if we just fixed that then people would have more time in their day and less stress. At the end of the day, though, none of these seem to happen. But when consultants start raking in the cash by advising companies to do this, remember, you heard it here first, folks 😉