Administrative passwords are being kept in accessible or unsecured locations, which can cause massive disruption and hours of lost productivity, according to a study by Cyber-Ark Software.

The study found in some of the World’s largest companies administrative passwords are stored in the heads of just one or two IT staff or kept on paper.

It found that 15% of company’s never change their critical passwords, 33% said they do not change their passwords as often as their company’s policy suggests, and 25% admit their IT staff can access the passwords without permission.