In the modern world, where identity fraud is on the increase, many security-conscious firms are introducing more complexity into their staff passwords. But the staff are equally ingenious when it comes to ways around the rules.
"It's important," said Chris Cross of the International Network Administrators Association. "Most people are lazy when it comes to passwords, and they can quite often be guessed. They choose a familiar name or place, or even the word 'password'."
The INAA have provided guidelines for their members to ensure that passwords chosen by staff cannot be guessed, sometimes even by the person to whom the password belongs.
"A few years ago, we said that passwords required changing at least once a month, but people were cycling between two different passwords, so we introduced the 'cannot be one that has been used in the past twelve months' rule, and people started using the month name! We had to start getting creative and insisting that passwords were a mixture of numbers, punctuation and letters. This was fine, until people did a month and day number. It's very frustrating."
The INAA have now come up with new proposals that they believe will ensure that staff have no chance of using easily guessable passwords.
"We're keeping the mixture of letters, numbers and punctuation, plus we're increasing the cycling to once a week, disallowing a password that has ever been used, and we're going to add sketches and tweeting. The staff will have to provide a sketch of something, say a house or a dog, and tweet into a microphone whilst typing the password."
The INAA deny that the additional complexity is to keep their members in jobs resetting passwords for staff who cannot remember whether or not they sketched a bird, or tweeted the Blue Danube.