The story about the hacking of a water treatment facility in Florida reminded me of an incident I witnessed about 2o years ago, at a different state job. In this state facility they tested biological and water samples. Around that time some people were in the bad habit of writing the password to shared accounts on Post-It Notes, then affixing that to a monitor where multiple people shared the same username and password to an account. The CIO issued a decree that anyone using Post-It Notes to write passwords on would immediately be dismissed. Well, in one of those offices they had found a clever way of getting around the regulation. They didn't use a Post-It note. Instead, someone had modified the screen saver so that it would scroll the words:
The password is <the actual password then being shown>
I had to laugh aloud in bitterness at how they were being compliant with the letter of the law but violating the spirit of the law. And of course, tell them they had to change their screen saver.