more on corporate insecurity

After re-reading my post on corporate insecurity, I added the tag of user experience because one of the main victims of all the corporate IT security nonsense is the experience of the end user. It’s awful. Users have to keep up with tons of password and ID combinations. Rarely do the passwords expire at the same time. Often the password requirements vary. It’s a completely terrible experience. And IT seemingly doesn’t care.

The point I was making in my previous post is that they’re not actually making the company more secure. Because of the multiple passwords and IDs and requirements, users resort to insecure methods of remembering them. At one company where I worked, it was common knowledge that everyone had a Post-It stuck to the underside of his keyboard with the system password on it. This was in case an employee was out and the group needed info off that computer.

My current boss made a comment this week that if IT had their way, they’d shut down all IM programs including the one we use officially in the company.

In this way, IT departments are tiny fascists insisting that they’re making us all more secure by sacrificing our electronic freedoms. And this notion is wrong and old-fashioned.