One in three people write down computer passwords, undermining their security, and companies should look to more advanced methods, including biometrics, to ensure their systems are safe, a new study shows.
A study released on Tuesday by global research firms Nucleus Research and KnowledgeStorm found companies' attempts to tighten IT security by regularly changing passwords and making them more complex by adding numbers as well as letters had no impact on security.
Staff still had a tendency to jot down passwords either on a piece of paper or in a text file on a PC or mobile device.
"This is really a lot like mom and dad buying a great new security system for the house and junior leaving the combination under the door mat," said David O'Connell, senior analyst at Nucleus Research.
The study, which surveyed 325 U.S. employees, found that a single sign-on system is just as effective as more complex schemes and that user education on the importance of proper password protection did not deter employees from their lax habits.
"Passwords are high maintenance. People forget them, people lose them, they have to be reset. Resending passwords is time intensive and costly. It takes up time at a help desk," O'Connell said.
The report suggested companies look instead to biometrics, such as voice recognition devices or thumbprint scanners, or cognitive biometrics, the latest security system that learns characteristics about you while you tell a story in the form of multiple choice answers.
"It's these higher order techniques that companies need to shift to in order to get away from passwords," O'Connell said.