Nearly a fifth of the 175 IT managers interviewed by security company Cyber-Ark said their colleagues still keep passwords on sticky labels.
"It would appear from this research that password management is still a major bugbear for many organizations with two thirds who are still relying on the old-fashioned method of physically managing and storing passwords," said Tom Crawford, president and CEO at Cyber-Ark. "Because this process can be so time-consuming and laborious, IT staff often circumvent the security processes which can then open them up to potential security breaches."
Fewer than a third of the companies polled stored passwords digitally, while the rest relied on paper copies, stored in safes and cabinets.
Cyber-Ark said it was "alarming" that ten percent of the companies did not regularly change "mission critical" passwords and five percent did not even bother changing the manufacturers' default passwords.
One IT security director who was interviewed for the survey admitted to keeping all the administrative passwords in his mobile phone, explaining that he thought this was "a very safe place." His IT security colleague, standing within earshot, replied: "Wait till I tell the guys back in the office, you'll never live this one down."
In May, SC reported that the high-profile Paris Hilton T-Mobile mobile phone hacking incident had occurred because of the socialite's poor password security. The simplicity of the password she chose made it relatively easy for hackers to guess.