Well we’re essentially at a disadvantage, security needs to keep up with the latest threats but for anyone to be a security risk he can do anything in the list of bad security practices going back to the dawn of computers! It’s also a time issue I guess when you have to spend a lot of time scanning and analysing logs and such tasks, so going around the office looking for post-it notes with passwords is unlikely to be high on one’s to do list!

And the list is missing some “older” issues too such as ensuring that people do not throw away confidential data without shredding it. While dumpster diving is not that popular anymore, it doesn’t mean that it doesn’t still happen!

You won’t believe how many times our own IT dept has found the randomly neglected post-it with the latest password to our main. We haven’t gotten to the next catastrophe past that, but I hope we don’t have to.

Very sorry to hear about your friend. May I point out that if your friend is simply using a 16 character password to log into her system she is not really protected; should her laptop be stolen again anyone can boot from an alternative OS (using live cds) or simply disconnect the hard drive and connect it to a system that the perpetrators have access to and still get full access to the hard drive.

If she really wants to protect her private data on her hard drive she also needs to enable encryption in addition to using strong login passwords. On Windows this can simply be done by going in the folder properties of the folder one wishes to protect if NTFS is used as the file system.

If she decides to do this it is also a good idea to read a bit on the subject before implementing it and follow the recommendation on backing up the keys used for encryption in the event that she will ever need to reinstall the system, or else she might lose the encrypted content.

There are also 3rd party tools that can help with protecting hard drive content.

Now her laptop is protected with a 16-character password with letter, numbers and characters. LOL