There were three employees and each required a password for their desktop PC, a POP account, and SMTP account. We needed passwords for their e-mail/web hosting service, (to administer the e-mail accounts,) Yahoo! account (to create and then validate their e-mail accounts for sending mail,) and router. To change former Windows user account passwords required knowing the former user account password to change them. The SMTP service required a separate password and non-standard port number; that's like a password too.
Like most of our customers, the 'boss' wanted to know these website URLs, logins and passwords. She was overwhelmed! Who wouldn't be? When we were finished, she had a spreadsheet with six lines and eight columns - just for three employees!
No wonder many of my customers are frustrated to the point of distraction with computer security. What does is get them? Where is the trade-off? What is the upside?
Each of these people probably have personal e-mail accounts, bank accounts, a dozen other services and websites that require logins and PIN codes.
We are being punished by all these passwords! They buy us precious little security and simply don't work.