Most lapses in security, even IT security, are, I understand, due to failures by people rather than their systems. People do stuff like holding open doors for strangers or discussing things in the lift or writing down passwords because they are impossible to remember - people do things that Sysadmins just don’t.
Today’s invention is a small piece of social engineering designed to help alleviate security problems and thus prevent disruptions to the important tasks undertaken by IT support staff, like memorising train timetables and comparing the contents of their utility belts… ; )
First, inform all corporate staff not to experiment with passwords. If they don’t know one, they probably shouldn’t be getting access to the secure resource anyway. Second, arrange for a small number of carefully crafted, realistic-looking passwords to be distributed about the building (scrawled on the edge of an occasional desk and on a few grubby post-it notes).
If someone should decide to attempt to use one of these to gain access, the attempt would be detected by the LAN to which devices (e.g. PCs, locks, etc.) were connected, and security staff would automatically be sent to the location in question.
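A minimal sketch of the detection step described above, added here as an illustration and not part of the original post: each login attempt is checked against the planted decoys, and a hit is mapped to the location of the device it came from. The decoy values, device names, locations and the `DECOY_KEY` secret are all constructed for the example.

```python
import hashlib
import hmac

# Assumed secret held by the detection service, so the stored decoy
# list never contains the planted passwords in plaintext.
DECOY_KEY = b"constructed-demo-key"

def fingerprint(password: str) -> bytes:
    """Keyed hash of a password, used only for decoy matching."""
    return hmac.new(DECOY_KEY, password.encode("utf-8"), hashlib.sha256).digest()

# Constructed decoys: fingerprint -> where the note was planted.
DECOYS = {
    fingerprint("Tr41n-T1metable!"): "post-it, 2nd floor kitchen",
    fingerprint("Ut1lityBelt#7"): "desk edge, room 3.14",
}

# Constructed inventory: device on the LAN -> physical location.
DEVICE_LOCATION = {
    "pc-0231": "room 3.14",
    "door-lock-07": "server room entrance",
}

def check_attempt(device_id, username, password):
    """Return an alert dict if the password is a planted decoy, else None."""
    fp = fingerprint(password)
    for decoy_fp, planted_at in DECOYS.items():
        if hmac.compare_digest(fp, decoy_fp):
            # The alert deliberately omits the password itself.
            return {
                "device": device_id,
                "username": username,
                "location": DEVICE_LOCATION.get(device_id, "unknown device"),
                "decoy_planted_at": planted_at,
            }
    return None

def scan(attempts):
    """Run every (device, username, password) attempt through the check."""
    return [a for a in (check_attempt(*t) for t in attempts) if a]

# Constructed sample attempts: one ordinary wrong password, two decoy uses.
ATTEMPTS = [
    ("pc-0231", "jsmith", "correct horse"),
    ("door-lock-07", "visitor", "Ut1lityBelt#7"),
    ("kiosk-99", "admin", "Tr41n-T1metable!"),
]

if __name__ == "__main__":
    for alert in scan(ATTEMPTS):
        print("dispatch security:", alert)
```

Because no legitimate user is ever issued a decoy, any match is a high-confidence signal; a device missing from the inventory still raises an alert, flagged as an unknown device.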