Some interesting facts about people's use of passwords have emerged from a survey of over 3,000 IT professionals and business execs carried out in the US.
Just under a quarter have eight or more different names and passwords to access different parts of their computer system. Eighteen per cent are lucky enough to have just one, with most stuck with between three and four.
With this many to remember, you'd think some people would write them down. They do. Over half (55 per cent) of people have written their password down at least once, with most having written them down about three times. Nine percent of people always write their passwords down.
But clued-up companies are fighting back against possible security breaches. Just under a quarter of companies insist passwords are changed seven times a year or more. And just over a quarter three to four times a year.
That's not all. Over half of all companies insist employees use a combination of letters and numbers in their password to make a potential hacker's job harder. And 37 per cent insist on passwords of eight characters or more for the same reason.
Which rather inevitably leads us to the issue of forgetting passwords. While just under half claim they have never forgotten their passwords, that means over half of employees have. Thirty-seven percent say just once or twice, and 10 per cent three or four times. But two per cent of people admit to being sysadmins' favourite people, having forgotten their passwords eight or more times.
But 'so what' you might say. Usernames and passwords are just a part of using computer systems. We just have to get on with it and live with the downsides.
Not so, cries Rainbow Technologies, which provides simple security systems for business applications and, would you believe it, sponsored this survey.
Rainbow Technologies, according to its press release, "has been breaking the security paradigm for more than two decades". But we won't hold that against them and will instead tell you what their vision of the future is: a key card and a PIN number.
The employee carries round the key card, which you stick into the computer's USB port. This prompts the computer to come up with a request for a PIN number. Tap in the PIN number and away you go.
Seems like a good idea to us. Many employees are forced to carry around company ID cards these days anyway to get in and out of the building. Once they're used to this, another card isn't too bad an idea. Or even better, stick everything on the one card.
Except, of course, giving people usernames and passwords is extremely cheap and effective and built into most computer networks, and running a key card system across the whole network is extremely expensive and time-consuming - which is why only companies with hugely sensitive data bother to do it at the moment.
This is where the survey comes in. We're all agreed that passwords are a nightmare and potential security risk. But how much do you think that costs in real terms? According to Rainbow's VP of marketing, David M. Lynch, "the cost of managing passwords estimated to be from $75 to $150 per user, per year which doesn't count lost productivity due to downtime as the user waits to access an application." And if we're not mistaken, we imagine Mr Lynch's system will cost, in the long run, less per user, perhaps $50 a year.
It's a good idea and clearly with the technology getting cheaper, a more viable one for companies where the information stored on their network is not their main resource. It would also make sysadmins’ lives less stressful (once they had installed the system) as they wouldn't have to keep answering daft password-related phonecalls.
Now that's got you thinking.