I attended an event related to organizational security awareness approaches, user training, and building a strong security culture over the weekend. Experts there discussed zero-trust frameworks, AI-driven threat detection, advanced phishing simulations… all the impressive stuff. One of the experts gave a funny example of him having received a WhatsApp message from one of his friends few days ago-

“Bro, we rolled out a new security policy. And to comply to that, people just added ‘2025’ to their old passwords!”

The room erupted in knowing laughter and it took me to a time travel of my career times….

Back in the day, we told users to not share passwords. Weeks later, we ended up seeing an Excel file on a public drive with a name “BillingTeamPrivatePasswords.xlsx”. Bas naam hi private tha, bhai!

We had declared that “We need stronger passwords with special characters!”
One of the users added an exclamation mark at the end to all his passwords. And publicly he used to tell everyone the same as if he was feeling like a hacker!

I have seen a workplace selfie for FB by an employee (and a friend!) with all his passwords open in Notepad in laptop in background. It was to publish #WorkLife happy moments! (On the other side, let the company continue spending millions on security awareness and tools!!)

Someone had reported a phishing email as “very suspicious.” Then had clicked it. Just to check if it was really bad!

I talk passionately about IT Service Excellence, Enablement, and User Experience and the brutal reality still is-
– We enable security training. A few smarties enable “Password123!”
– We enhance ITSM workflows. A few smarties enhance password reuse.
– Companies implement security solutions. A few smarties implement sticky notes with passwords.

Security is never just about tools. It is about mindset, process, and experience. We can deploy AI-powered threat detection, but still there would be that someone emailing passwords to their personal Gmail!

Dude, no ITSM/Security tool can automate common sense.

Do you have your favorite security fail moment?

P.S. Next time ensure to rename “BillingTeamPrivatePasswords.xlsx” to “DoNotOpen.xlsx”! Because clearly, that is hacker-proof! 😉