Half of IT managers employed by large-sized companies believe it would be relatively easy to gain the core passwords for their computer systems.
The survey warns of the need for increased password security
That is the warning of a survey by IT security firm Cyber-Ark. It said that 10% of firms never changed their central administrative passwords.
A further 5% did not even bother altering the manufacturer's default password that came with the system.
The survey also found one IT boss who kept all passwords on his mobile phone.
Less than a third of IT managers store key passwords digitally, the survey of 175 IT professionals revealed.
The remainder continued to keep paper copies, stored everywhere from locked cabinets to safes.
About 25% of IT staff could, as a result, access the core passwords without official permission, the survey said.
In addition to the risk of such physical copies being stolen, it made updating the passwords more difficult and time-consuming, Cyber-Ark said.
And if IT managers are unsure about the security standards in their computer departments, they believe staff in other parts of their companies are much worse.
The survey found that IT managers estimate 19% of general staff in their firms still keep their passwords on notepaper beside their computers.
"It would appear from this research that password management is still a major bugbear for many organisations, with two thirds who are still relying on the old-fashioned method of physically managing and storing passwords," said Tom Crawford, president and chief executive of Cyber-Ark.