Many people will set super-easy passwords for the systems they control. No matter how high the stakes, in some part of their brains, they just can’t believe anyone would get in and do anything wrong. So the lesson is this: any system that depends on everyone involved understanding the stakes and acting accordingly and conscientiously… is doomed to be more insecure than any one person will know. Systems should be designed so that Pollyanna won’t blithely compromise them with naivete.
One commenter noted that all-zeroes is no more random than any other series. But effective hacking begins with sets and series before it goes random. Also, it is far easier to remember and send by phone a launch code that is a set or a series.
- Dave Hill, Maximum Insecurity
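
The design point above, sketched as an added example that is not part of the quoted text: the system issues the code itself and refuses any value that is a set or a series, with all-zeroes as the simplest case. The function names, the 8-digit length and the distinct-digit threshold are assumptions made for illustration.

```python
import secrets

def _is_constant_step(digits):
    # True when every adjacent difference (mod 10) is identical:
    # step 0 is a repeated digit (00000000), step 1 or 9 is a run
    # (12345678, 98765432), step 2 is 24680246, and so on.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    return len(steps) == 1

def _shortest_period(code):
    # Length of the smallest block that, repeated, reproduces the code.
    n = len(code)
    for p in range(1, n + 1):
        if n % p == 0 and code[:p] * (n // p) == code:
            return p
    return n

def pattern_reason(code, min_distinct=4):
    """Return why a numeric code is a set or series, or None if no rule fires.

    None does not prove the code is random; it only means the code is not
    one of the patterns a guesser would try first.
    """
    if not (code.isascii() and code.isdigit()) or len(code) < 2:
        return "not a numeric code of length >= 2"
    digits = [int(c) for c in code]
    if _is_constant_step(digits):
        return "constant-step series"
    if _shortest_period(code) < len(code):
        return "repeating block"
    if len(set(code)) < min_distinct:
        return "too few distinct digits"
    return None

def issue_code(length=8):
    """Generate a code from the OS CSPRNG instead of letting a person pick it.

    Patterned draws are discarded and redrawn; they are a tiny fraction of
    the keyspace, so the loss of entropy is negligible.
    """
    while True:
        code = "".join(str(secrets.randbelow(10)) for _ in range(length))
        if pattern_reason(code) is None:
            return code

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("00000000", "12345678", "12121212", "83910472"):
        print(sample, "->", pattern_reason(sample) or "accepted")
    print("issued:", issue_code())
```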