
Security: More is Less

Written by Jake Rayson, Contributor

In these days of identity impersonation and unscrupulous restaurants filching your credit card details, security is right up there with flossing and backing up data as something you really ought to consider though most people don't really.

But you can have too much of a good thing. Take, for example, a recent contract job I was hired for, to clean up a messy CSS 'situation'. The logon to the workstations uses a 6-character passcode and 6 numbers generated by one of those funny little key fobs the bank insists I have.

This is overkill, as I absent-mindedly left my chunky keyfob at work in an unlocked drawer, leaving the not-particularly-likely hacker only 6 characters to crack. Even worse, I left my workstation unlocked when away from the desk as I can't bear the faff of entering all those details when all I wanted was a cup of tea.

Compounding this security disaster was the fact that I didn't have admin rights on the Windows box, and I had to badger a sysadmin so often he divulged his passcode and then simply shouted out the random numbers in a lottery fashion whenever I wanted to install a font or edit the template settings for Notepad++.

The way that more security can induce a less secure system is profoundly illustrated by the XKCD webcomic in a strip entitled Password Strength -- better (apparently!) to have four ordinary random words than 5h0rt. 6!bber!5h uN-m3m0rab13 w0rd^5.

Maybe simplicity has more to do with security than is first apparent.
