I have never heard anyone complain about a company taking infosec too seriously, let alone lots of companies.
Dude, my bank/email-host/health-insurer is teh suk. They overestimate the value of data confidentiality. I hope this does not become a new trend. I expect the companies that I deal with to play fast and loose with the data they control. Encrypting Data at rest? C'mon bro, if the data is so important why is it just sitting there with nobody using it.
Users complain all the time about being required to change their password every week to something unmemorable because of crazy complexity requirements.
That's all about regulatory risk, SOX, HIPAA, GLBA, etc. Let's be honest, it is a "complaint" about a password policy, at best a means to an end. Unless you read that as a complaint about the motivation, because I did not.
I can't stand the "Security is a tradeoff with usability" line. It is not. When you lock the airplane lavatory door and the light turns on, what is the tradeoff? As far as I am concerned, Acme Bank's website is unusable if anyone can log in as me. How usable are your funds if anyone can transfer them out of your control?