This is not surprising, I see these things at the DoD every day. Part of the problem is that the DoD security directive mandates a separate and unique password for every system accessed. Passwords have to include a special character (!@#$&), and some must include upper and lower case letters as well - and they can't be written down. The reality is that where I work, it is not uncommon for people to have 15 to 20 different passwords that they have to use every day. It is a complete denial of reality to expect people to NOT write down their passwords. This would truly be a good place to implement Smart security cards on the PCs.
Gary Government agencies fail security test Government agencies have some chronic problems with their computer security, according to testimony at a congressional hearing Friday. complete article.... http://www.zdnet.com/zdnn/stories/news/0,4586,5099428,00.html
