Police called after passwords stolen from employee’s desk

A recent dust-up at an elementary school provides a valuable lesson about good password management:

Don’t leave important passwords written down where they’re easy to find.

Police were called after teachers in Falls Church, VA, discovered someone had changed the passwords they used to access their school’s Blackboard system, a communication tool for teachers, parents and students.

Despite initial fears the system was targeted by a hacker, it turned out that a nine-year-old had simply stolen one teacher’s password off her desk, ComputerWorld reports. The teacher’s account had administrative rights, which the child used to change the passwords of other teachers.

IT departments face the tough task of convincing users to choose strong passwords without writing them down in easy-to-see places.

One recommended method for creating a complex password that’s easy to remember:

Start with a base word that you won’t forget. Then add at least four additional characters. Those characters can then be written down (without the base word) and stored somewhere.

  • Jan

    Another option is to use a longer word that’s easy to remember, but then substitute numbers for some of the letters – for example, make a letter O into a zero, or change an L into a number one. Then put an exclamation point at the end (if your password system will allow it). This makes it so that it’s easy to remember and doesn’t have to be written down, but still tough to crack.

  • Gary

    As long as we keep calling them passwords and thinking of them that way you can usually brute force crack them in a reasonable amount of time too. Instead we should be thinking of (and providing room on login screens for) pass phrases.

    Instead of “Secret” or “Password” use “My password is a secret”. From 8 to 23 characters and still very easy to remember.

    Couple this with some numbers and punctuation and you can get “My favorite baseball player is #33.” for a 35 character password that has caps, lower case, punctuation and numbers, yet should never need to be written down and should be very easy to remember for the creator of it.

    The problem is that many apps don’t allow for long passwords. Instead it’s usually 6-12 characters, etc…

  • http://www.donallenagency.com Amber Amber B-Bamber

    Our office uses webi’s which are password protected documents on our desktop (and saved to our server drive) that house ALL of the company passwords we need for our independent insurance agency, and it is 3-4 pages long depending on how many websites each employee uses, then we just copy & paste from that document so only one password must be memorized & the others can be as complex & unmemorable as you need. The one password of course must not be written down & must be very difficult to hack. I agree w/Gary – using symbols or numbers to replace words or letters is handy – I use the number 4 to mean the word “for” so one of my passwords is “4Certain” for example. Then there’s “2BorNot2B” if you like Hamlet, inspired by texters.