Out-Law / Your Daily Need-To-Know

The pressure to manage increasing numbers of passwords across web sites and IT systems is forcing users to compromise security, according to a new survey by internet security testing firm NTA Monitor.

According to the 2002 NTA Monitor Password Survey, conducted in London over a weeklong period in November 2002 with the participation of 500 individuals, the average "heavy" IT user has 21 passwords required in order to access bank information, voicemail and internet sites, with some users having up to 70.

The great majority (84%) of computer users surveyed, says NTA Monitor, considers memorability as the most important attribute in selecting a password, whilst 81% of the sample said they select common words as passwords where possible.

The survey also found that 49% of intensive IT users write their passwords down, or store them in a file of their PC. Also, 31% of "lighter" users store their passwords in the same way. According to NTA Monitor, as much as 67% of the sample said they never change their passwords, and a further 22% admitted they would only ever change their passwords if forced by a web site or an IT department.

Roy Hills, technical director of NTA Monitor warned users that they are "effectively leaving their keys in the front door of their computer systems."

He added:

"The IT industry is simply not taking it seriously enough- losing a laptop, for example, with strictly confidential merger and acquisition documents on the hard disc is one thing, but if it's got a post-it note with the password stuck to it you've only got yourself to blame."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.