"The state of information security as a whole is a disaster, a train wreck". This view is given by Forte and Power (2007) describing the state of information security towards the end of the first decade of the 21st century. Amongst solutions offered, the view that security programs have to be holistic is proposed indicating that technical controls are of little value without the workforce understanding the risks of their irresponsible behavior. Another solution proposed by them is the role of awareness and education. All levels of users should be targeted letting them understand their role and responsibility in information security. Password related behavior is often highlighted as a key component of information security
Hennie A. Kruger, Tjaart Steyn, Lynette Drevin, Da