Comment Re:We needed a study for this?!? (Score 1) 299
I'd start, with "I think you need a new sheriff". User behavior in many of my examples is wrong, sharing passwords (would you give someone your social security card or drivers license), sticky notes on monitors (a physically secure note would be a better option) are poor ways to deal with the issues.
There are better ways for a user to deal with the strictures placed upon them than what is frequently seen in the wild. If you can remember a phone number, address, URL, what someone else wore, etc. you can remember a password. I believe on of the major issues is that users were one day given a computer and expected to know how to behave, without guidance or expectations.
Please don't take this to mean that frequent password changes, complexity requirements, etc. aren't bad policy, and seem to lack all consideration for the human part of the equation. The broader point is that fixing the user choose poor passwords problem won't fix anything, if we don't fix the underlying culture and behaviors.