Hacker folklore abounds with awe-inspiring tales of gaunt, caffeine-sustained teenagers tirelessly picking global electronic locks from afar in a quest for knowledge or recognition. Sometimes it is difficult to remind ourselves that the reality is a lot less enchanting. Certainly, although hackers are known to proclaim an enthusiasm for artfully finding and breaching loopholes (in both code and law), it would appear that most just want to get access to accounts by the most expedient means possible. Even if you do not share this perception, it is a good level at which to pitch your security policy. To use an analogy, security policies which seek to prevent an intruder from gaining access to a house by hang-gliding onto the roof and abseiling down the chimney should also consider that the front door ought not to be open.