Where's the first place a cyber criminal looks for username and password when he wants to get access to a computer? That's right - on a Post-it Note or label on the computer keyboard or monitor. (If the movies are true, second place is probably in a slide-out return or drawer.)
But what if multiple people share a workstation? Easy. Check for the neatly typed spreadsheet that lists everyone's login credentials; choose someone you want to impersonate, and login. Presto!
Why bother with passwords at all?
This is a real picture and sadly, I see this kind of behavior all too often. I even wrote about this problem and proposed a solution four years ago in a post entitled, "Lower your standards; lower your stress".
Seriously folks, most network admins I know work very hard to secure the information assets of their organization. Yet, their efforts to protect these assets are undermined when people do stuff like this.
Network and computer security requires more than a digital audit. Training and on-site inspections are mandatory to prevent stuff like this from happening. Obviously, in this organization, it isn't happening.
As far as this photo, in the interest of security, I won't name the company where I took this picture. I will, however, send them a link to this blog post.