It’s been said many times many ways, but the weakest point of a security system is the user.
Feynman had a great story about the commanding officer at Los Alamos demanding the most advanced safe available for all his secret documents. This was problematic when the CO passed on before revealing the combination. An amateur lock-picker, Feynman was extremely interested in how the “pros” solved it. It turned out to not be that hard, as it was still on the default combination.
There is a door on campus that is extremely convenient to use as an entrance, but for “security reasons,” it was designated as an exit-only door, and cannot be opened from the outside. Enter ingenuity. We put a doorstop in it, propping it open, nullifying all the security value it would have otherwise had.
Tyler, a friend of mine, pointed this fact out - that by making the “real” solution difficult, they’ve shot themselves in the foot.
Another appropriate example is one of our computer labs. On the entrance, there’s a device that requires a password and a fingerprint scan, but anyone who’s seen “Spaceballs” could guess the combination, and the scanner at this point doesn’t recognize any fingerprints - it just requires that there’s a finger placed on it. An alternate method to gain entry is to slip in a credit card into the door. As a result of the scanner being difficult to set up, any purpose it might have had is gone.
Of course, it’s difficult to get onto campus in the first place, so this aren’t huge issues in my mind, but they seem overtly serious about security when clearly they are not. I get hassled regularly by security guards demanding to see my ID, and yet I’ve had a backpack, a camera and a Nintendo DS stolen. In separate incidents. The camera was even taken from a drawer which is locked more than 95% of the time. In my office. In the building with the highest security priority.