In the world of passwords and computer security there is:
• The Good: 8 - 24 characters, using upper/lower case mix, numbers with letters and even punctuation and special characters at times
• The Bad: Using a simple word, i.e. hotdog
• The Ugly: Using no passwords at all, or keeping a plain text copy of passwords under your keyboard or on a file with no security

The Issue:
Currently most companies, especially small and mid-sized businesses use a mix of The Bad and The Ugly. Most computers have a simple password or no password at all. This also applies for the Servers and routers (this is very Ugly). This would allow someone to enter the network and possibly take information. Since many passwords are never changed a rouge employee or disgruntled past employee can feel very confident that the simple passwords they knew are the same weeks or even months after they left.

The Solution:
The solution is one that involves changing the way users use their systems. Passwords should be created for all systems, they should be difficult for someone to guess and they should not be shared, even among co-workers, and you need to discourage your employees from printing their passwords out. Password policies can be frustrating for users that are not in the habit of remembering a complex password, this can be eased by turning a easy to remember phrase into a complex password, i.e. if you like fishing you can change that info f1sh1ng! now you have a complex password that you can remember.

You will always have push back from employees, most will complain that they simply will not be able to remember a complex password. Others might say that it is just another control policy. It would be wise to remind them that their bank requires complex passwords and I am sure they would not want their bank account sitting online with a simple or no password. Well the business is kind of like a bank account for the owners, and depending on the data the business deals with, could be for all their clients as well.

If you are a printing company and you have no passwords on any of your systems, you could be opening your clients information for any hacker to steal. Be it marketing campaigns, billing information, or just a list of who you work with; this can all be valuable data on the black market.

In closing, it is just a wise move to keep your systems protected with a set of complex passwords that change on a regular basis. It is not the end all be all of computer security, but it will get your company off to the right start.