Half of IT managers employed by large companies believe it would be relatively easy to obtain the core passwords for their computer systems. That is the warning of a survey by IT security firm Cyber-Ark. It said that 10% of firms never changed their central administrative passwords. A further 5% did not even bother altering the manufacturer's default password that came with the system. The survey also found one IT boss who kept all passwords on his mobile phone. Fewer than a third of IT managers store key passwords digitally, the survey of 175 IT professionals revealed. The remainder continued to keep paper copies, stored everywhere from locked cabinets to safes. About 25% of IT staff could, as a result, access the core passwords without official permission, the survey said.
Come on, people! Think of an eight-word phrase (e.g. "That's not the way we do things round here"), take the first letter of each word, insert a number and a non-alphanumeric character, and instant password! That's not a phrase I've ever used in my passwords, but you get the idea.