One way to help your users understand what a poor password is: demonstrate it for them. With the right equipment, you can easily set up a password cracking lab for a lunch-and-learn (most likely, the IT or security department already has the required tools available).
You may also point users to a site like https://howsecureismypassword.net/, where your employees can type in their password and get a rating of its strength (if you trust sending them off-site, of course).
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author
Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Latest posts by Kai Roer (see all)