Re: Take your pick
Then I'm afraid you don't really get 'security'.
If your users are incapable of using passwords then a password is not a suitable security control. You need to find another more suitable form of authentication or you need to implement other controls that provide the same level of risk reduction but are not authentication controls.
You might need to design a security system for users that are vulnerable or lack mental capacity (the very young and the very old) or who have additional needs (visual imparement, physical control issues). It still needs to be secure and their difficulties are your problems to work around.
Your security needs to suit the environment and the users. If you try to force users into using security controls that don't suit that's when you'll get post-its under desks, machines never locked, emails sent to personal addresses.
And if the managment aren't bought in you're screwed before you start.
Security is 90% psychology and 10% technology.