A company recently hired me specifically to improve its password policy. At five characters long, zero complexity, and no forced expiration changes, these passwords would be nearly nonexistent to most hackers. The client’s entire environment was already rife with malicious hackers and their programs. The company’s decision-makers were so intent on changing their password policy that it could not see the forest for the trees. If you want to reduce your company’s security risk as efficiently, you have to start by taking stock of your network security holes.”]