Recognizing that: - people do not always follow published laws, - the generally accepted security principal is that passwords should never be written...

Recognizing that:

- people do not always follow published laws,

- the generally accepted security principal is that passwords should never be written down, and

- research suggests that:

* more than one out of every three enterprise users keep a written record of their passwords.and

* 64% of end users report that they have written down their password at least once

Should the policy prohibit passwords from being written down or permit passwords being written down in one of the "secured formats" as referenced in the "Is It Okay to Write Down My Passwords? How To Do It Right " article?

Password managers have already been considered so please do not mention.