I especially like the “Security Theater” line.
Nearly everyone who works with a computer has gotten some version of the ‘Password Memo’.
The Password Memo lays out lots of rules for passwords – i.e., they must be at least eight characters long; they must include numbers, upper and lower case, and punctuation; they shouldn’t be your user name, names of family members or pets; they shouldn’t be (or even include) dictionary words; and they should never be reused. Oh, and you should never ever write them down and you should plan on coming up with a new one every thirty days……..
What these rules do, mostly, is give the impression that the IT people are doing something about security, and thus make everyone feel safer — a trick known in the trade as “security theater.”…….
So, once again, we find ourselves taking measures not to prevent bad consequences, but to protect ourselves from bad litigation.