True computer and network security takes a lot of work to implement and it takes a lot of work to use. Despite training (if any) and admonitions by their supervisors and the IT department, the lazy create simple, easily-guessable passwords, write them down, and post them on sticky notes right in their cubicle or on their monitor. Even though we IT folks enforce password complexity policies, the effort is wasted if the user post their passwords in plain sight.
Maybe I’m dreaming, but I think that even the lazy can take the time to come up with serious passwords and take measures to make them memorable and/or write them down in a secure way. My article on generating secure passwords describes a method of doing this; it takes a bit of work at first, but once implemented, it’s a simple system that even the lazy can appreciate. (You may guess that I’m no fan of password managers or stored passwords and your guess would be right.)
If more of us IT geeks put more work into developing simple password generation and mnemomic systems for the lazy users, perhaps our networks would be more secure; perhaps not, but it can’t hurt now, can it?