There"s my server, Netware, laptop, Neowin, Amazon, MSN, half a dozen email accounts, Lotus Notes, my xda, Handango, Passport, Outlook... to name but a few. All different... damn password caches and rules. They"re mine, how many have you got?
The 2002 NTA Monitor Password Survey found that the typical intensive IT user now has 21 passwords, and has two strategies to cope, neither of which is advisable from a security standpoint: they either use common words as passwords or keep written records of them. The survey found that some of these heavy users maintain up to 70 passwords. Forty-nine percent write their passwords down, or store them in a file on their PC.
The research shows that 84 percent of computer users consider memorability as the most important attribute of a password, with 81 percent selecting a common word as a result.
Furthermore, 67 percent of the entire universe of users polled by NTA Monitor rarely or never change their passwords, and 22 percent said they would only ever change one if forced to do so. One respondent said: "Memorability is more important as I assume it"s secure. I remember passwords I"ve selected but if I"ve been assigned one I can"t change I write it down on a "post it" and stick it to my docking station."