One in three people write down computer passwords, undermining company security, and businesses should seek more advanced methods, including biometrics, to ensure their systems are safe, according to a new study.
The research, published by Nucleus Research and KnowledgeStorm, shows that organisations' attempts to improve IT security by regularly changing staff passwords and making them more difficult by using numbers had no effect on security.
The study found that many workers still write down their passwords either on pieces of paper or in a text file on a PC or personal storage device, undermining the company's security policies and architecture.
The survey suggested that user education on the significance of password security did not deter workers from adopting careless habits and that a single sign-on system is just as effective as more complex techniques.
Furthermore, the report implies that businesses need to consider biometrics, such as fingerprint scanners or voice recognition, to ensure security.
Jan Valcke, President and Chief Operations Officer at user authentication and e-signature product vendor VASCO, believes smartcard-based password storage devices can play a significant role in addressing this human risk.
"This is yet another example of how organisations have implemented million dollar security policies and architectures to protect them from viruses and malicious external attacks, only for them to be compromised by the internal security risks posed by a company's personnel," he said.
"People - either through accident or malice - still remain the weakest link in the security chain, and are responsible for a high percentage of security breaches. By negating the need for personnel to remember passwords, organisations have no excuses for leaving themselves exposed to this security risk," he continued.
However, George Skaff, VP of Marketing at fingerprint authentication company DigitalPersona, said using smartcards or tokens was an ineffective alternative to manual passwords, because they can be lost or stolen.
"Companies that use fingerprint biometrics improve the security of their network, because it stops unauthorised access. It also reduces IT support costs because staff can never lose or forget their ID or need it resetting, plus it can help with compliance regulations, providing businesses with solid audit trails of employee access due to the fingerprint authentication," he said.
"Manual passwords are not good enough and organisations need to start looking at alternatives now," he added.