During the years I have written several articles, like this one - Creating and Maintaining Strong Passwords, mainly with the idea to actually provide a pragmatic approach on tackling weak, and prone to be cracked passwords. The result, at least from a sniffing point of view *grin* was that most of my friends lacking security knowledge, were indeed getting concerned by their easy to guess passwords. Later on, they were turning them into entire passphrases with the idea to avoid not having them cracked. That's an example of a "false feeling of security".
And while it was a progress compared to how predictable their passwords really were, strong passwords doesn't address the following issues that I later on covered in another article - Passwords - Common Attacks and Possible Solutions, namely, passwords can be :
- Unintentionally shared
Recently, both from a CSO's point of view, and the financial industry, two factor authentication, has been gaining a lot of acceptance, in my opinion primary because of its tangibility. It greatly improves the authentication process, given the integrity of the system, and the network itself. And while from an organization's or bank's point of view providing tokens to the entire work force would represent a huge investment, I strongly feel prioritizing in respect to important customers, and executives will play an important role.