The survey of nearly 200 IT professionals at this year's Infosecurity Europe exhibition in London, found that 38 percent of respondents wrote passwords to critical systems on bits of paper.
The study, commissioned by security company Cyber-Ark, found that 22 percent of respondents said colleagues kept passwords on Post-It notes while another 14 percent stored them on unsecured Excel spreadsheets.
A quarter said that their staff can access administrative passwords without permission. Only 40 percent of respondents changed administrative passwords monthly or more frequently; 30 percent change them quarterly, while 15 percent never change administrative passwords.
Legislation, such as Sarbanes-Oxley and Basel II were beginning to have an impact on tightening up security, 81 percent of respondents felt that these rules and regulations had been “very positive," giving them the impetus to update and upgrade systems in order for their IT departments to “fall into line."
Calum Macleod, European director of Cyber-Ark, said the security situation couldn’t be much worse.
“The most powerful IDs have shared passwords that are infrequently changed. Operationally, the problems are also severe. Change control and system stability are predicated on a process to control when changes can occur and when this is not controlled every organization is seriously exposed," he said.