User authentication is a vital element in ensuring the secure operation of computer-based systems. The most common control mechanism for authenticating user access to computerised information systems is the use of passwords. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, evidence suggests that this method is often compromised by poor security practices. This paper presents the results of a survey that examines user practice in creating and using password keys. This paper reports the findings from a pilot study examining user password composition and security practices for e-mail. Despite a greater awareness of security issues, the results show that an improvement in user password management practice is required.