i used to have a job where we supported PCs with windows on to users in a firm with something like 17000 employees. part of the standard image which everybody gets on their PC is a certain commercial encryption product. it encrypts your hard drive and then the user sets the key to get into the hard drive, and without that key nobody can get onto your hard drive, let alone log in as you, theoretically. in actual fact the encryption product has a backdoor key. i know what it is, and so do other people. the fact that i no longer work there doesn't stop me knowing the backdoor key, although i have agreed on paper somewhere not to disclose it. to me, this is pathetic! it defeats the entire purpose of encryption. it would be like having two doors in your house. on one, you install a shitload of locks, alarm devices, bolts, reinforcements and so on, to stop anybody trying to break in, but with the other door you don't bother, reasoning that anybody coming to your house will be trying to come in through the front door. In reality then, all the potential invader needs to do to get in through the back door is figure out how to get over your garden fence.
metaphorically speaking.