System admins might want to take a long, deep breath before reading the findings of a recent research report about end-user passwords from Nucleus Technology.
According to the survey, more than one in three enterprise users write down their passwords. And it gets worse: "Of the third of users that write down their passwords, one third of those do it on paper, such as a sticky note. Even more dangerous are the other two thirds: They keep their passwords as a text file on their laptop PC or mobile device, where it could be easily lost or stolen."
Whether you require complex passwords or basic ones; whether you require users to change them weekly or never; whether you use single sign-on or users have multiple passwords, the risk remains the same: according to the study, that same one-third-plus will continue jotting them down.
A total of 325 users participated in the survey by the way, which isn't an overwhelming number, but it's still enough to give you cause to revisit your organization's password policies and security measures.
"Companies that spend time and money creating password security strategies are largely wasting their time, because one in three employees are writing down passwords regardless of password policies," says David O'Connell, senior analyst at Nucleus Research. "It's like leaving the key under the mat or in the flower box. Companies looking to ensure security should look beyond passwords to other authentication strategies."
While educating users about password protection may help a bit, the study suggests that companies explore alternative means to traditional passwords. "Some companies look to biometrics to increase security," according to the study.
Nucleus Research is a global provider of IT advisory and research services. The study is available on free though the company's Web site.
How do you manage passwords at your company? Is biometrics the answer?