It is about securing personal and private information. With information security you have to compromise between security and ease of use. A person can make a security system so secure that no one would use it. For example having a password 30 characters, a mixture of letters, numbers, and special characters. That would be a secure logon, but that also would cause the user to write the password down which is unsecure and anyone that stops by the users desk would be able to grab the password.
The only way to use passwords such as those would be to use a flash drive to copy the password into that logon box. The problem there is that most companies do not allow USB Flash drives within their system. Which is a compromise, so most businesses set-up a 8 character password limit of letters and numbers.
Security is all about accomplishing the business needs, and not as much about rock solid nobody break-in security. Sometimes security professionals forget all about the business needs, and without the business everyone would be without a job.
Next time you design a security system keep in mind how important is the data that your trying to secure, and also what is the business mission and goals are.
