One way to help your users understand what a poor password is, is to demonstrate it for them. With the right equipment, you can easily set up a password cracking lab for a lunch-and-learn (most likely, the IT or security department already have the required tools available).
You may also point users to a site like https://howsecureismypassword.net/ where your employees may type in their password and get a rating giving them the strength of the password (if you trust sending them off-site, of course).
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author
Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Latest posts by Kai Roer (see all)
- Join the 2017 Security Culture Conference - March 7, 2017
- Interview with Wolfgang Goerlich on Security Culture - February 8, 2016
- How Culture Impacts Negotiations - December 2, 2015