Study: One-third of corporate employees still write down passwords

One in three corporate employees write down computer passwords, undermining company security, according to a study released earlier this month.

The survey also concluded that businesses should seek more advanced methods, including biometrics, to ensure their systems are safe.

The research, published by Nucleus Research and KnowledgeStorm, shows that organizations' attempts to improve IT security by regularly changing staff passwords, and by making them more difficult by using numbers, had no effect on security.

The study found that many workers still write down their passwords either on pieces of paper or in a text file on a PC or personal storage device, undermining the company's security policies and architecture.

User education on the significance of password security did not deter workers from adopting careless habits, and a single sign-on system is just as effective as more complex techniques, the survey suggested.

Furthermore, the report implies that businesses should consider biometrics, such as fingerprint scanners or voice recognition, to ensure security.

Jan Valcke, president and COO of user authentication and e-signature product vendor VASCO, said smartcard-based password storage devices can play a significant role in addressing this human risk.

"This is yet another example of how organizations have implemented million-dollar security policies and architectures to protect themselves from viruses and malicious external attacks, only to be compromised by the internal security risks posed by a company's personnel," he said. "People - either through accident or malice - still remain the weakest link in the security chain, and are responsible for a high percentage of security breaches. By negating the need for personnel to remember passwords, organizations have no excuses for leaving themselves exposed to this security risk."

However, George Skaff, vice president of marketing at fingerprint authentication vendor DigitalPersona, said smartcards or tokens are an ineffective alternative to manual passwords, because they can be lost or stolen.

"Companies that use fingerprint biometrics improve the security of their network, because it stops unauthorized access. It also reduces IT support costs because staff can never lose or forget their ID or need it resetting, plus it can help with compliance regulations, providing businesses with solid audit trails of employee access due to the fingerprint authentication," he said. "Manual passwords are not good enough and organizations need to start looking at alternatives now."
