Peter Merholz: “I believe the

Peter Merholz: “I believe the degree of security folks are forced to place on their own system is far too draconian.”

Jacob Nielsen, from November 2000: “In reality, users simply write down difficult passwords, leaving the system vulnerable.”