|Keep It Simple, Stupid|
Shame it's not in my power to fire people or force them to sit through a three week class on basic computer security.
That's one point where I may have an advantage: We had a security incident last year, were a trivial passwort was guessed and used to send out spam from our systems. It was mainly annoying, because the provider we use to send out mails (smarthost) simply locked our SMTP account after a few mails.
And I will simply send out a short presentation about passwort security to everyone. Just a few sheets, should take no longer than a few minutes to read and understand.
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
In reply to Re^7: Replacing crypt() for password login via a digest - looking for stronger alternative