The perils of password post-it notes

In today’s highly digital world, many of us still prefer the comfort of pen and paper, notebooks and post-it-notes. Storing passwords in a physical format leaves them susceptible to theft. 

With cyber threats evolving and becoming more sophisticated, protecting sensitive information is a top priority for both individuals and organisations. Despite this, a very common behaviour is to write down passwords: “Do you write your password down and put it on a post-it note and leave it on your desk?” 

While this might appear like a simple and harmless act, it actually poses significant risks. This seemingly innocent habit can be detrimental to both IT security and your own personal information, leading to potentially severe consequences.  


The basics of IT Security and Cybersecurity

IT Security refers to measures designed to protect the integrity, confidentiality, and availability of information. It encompasses a wide range of practices and technologies to safeguard data from unauthorised access, misuse, or theft. This includes everything from firewalls and antivirus software to encryption and secure network protocols. 

Cybersecurity, on the other hand, is a broader term that includes IT security but also extends to the protection of internet-connected systems, including hardware, software, and data, from cyberattacks. Cybersecurity strategies are designed to combat threats such as hacking, phishing, and malware attacks, aiming to protect against both digital and physical threats. 


The post-it note conundrum

Let’s address the question of writing down passwords and leaving them on your desk. This practice is a glaring vulnerability in both IT security and cybersecurity. Here’s why: 

  • Physical security risk: A post-it note with your password is a physical object that can be easily seen and accessed by anyone passing by. This could be a coworker, a visitor, or even a member of cleaning staff. Once your password is exposed, it’s as if you’ve handed over the keys to your digital kingdom. And that could include both workplace and personal data and finances. 
  • Lack of accountability: Leaving passwords in plain sight negates the principle of accountability. If unauthorised access occurs, it’s difficult to trace the breach to a specific individual, leading to potential chaos and security breaches without clear sources. Without identification of the source, this creates significant extra time, effort, and cost to implement preventative measures to protect against future breaches. 
  • Encouragement of bad habits: Writing down passwords on post-its fosters a culture of complacency regarding security practices. It undermines efforts to promote strong, unique passwords and secure storage practices, paving the way for more significant security lapses. 
  • Risk of social engineering: Cybercriminals often employ social engineering tactics to manipulate individuals into divulging confidential information. A visible password can be an entry point for such attacks, leading to more severe breaches. 


Best practices for password security

To mitigate these risks, it’s crucial to adopt and promote best practices for password security: 

  • Use strong, unique passwords: Ensure passwords are complex, incorporating a mix of letters, numbers, and special characters. Avoid common words and personal information that can be easily guessed. 
  • Utilise password managers: Password managers store and encrypt passwords, allowing you to maintain strong, unique passwords without the need to remember each one. This eliminates the need for physical notes and enhances security. 
  • Enable multi-factor authentication (MFA): MFA adds an additional layer of security by requiring a second form of verification (e.g., a code sent to your phone) beyond just the password. This significantly reduces the risk of unauthorised access. Products such as Microsoft offer an app ‘Microsoft Authenticator’ to approve sign-ins from browsers and mobiles. 
  • Regularly update passwords: Periodically changing passwords can help prevent long-term unauthorised access. Set reminders to update passwords and avoid reusing old ones.  
  • Educate and train: Conduct regular training sessions on cybersecurity best practices. Ensure that all employees understand the risks associated with poor password management and the importance of robust security measures. 


7 Tips for creating and remembering strong passwords

Creating strong passwords and remembering them can be challenging, hence the reason why people choose to write them down. Here are a few tips to help: 

  1. Use a passphrase: Instead of a single word, use a passphrase – a combination of words that are easy for you to remember but hard for others to guess. For example, “BlueSky$SunnyDay123”. Or combine unrelated words in your passphrase or password. 
  2. Incorporate numbers and symbols: Mix in numbers and special characters to add complexity. Avoid predictable patterns like “Password1!” or “1234$abc”. 
  3. Use a combination of at least eight numbers, letters and symbols: The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? combines upper- and lowercase letters, numbers, and symbols, making a unique and hard-to-guess password. 
  4. Acronyms and abbreviations: Create passwords from the first letters of a sentence or a phrase. For instance, “I love to travel around the world in 2024!” could become “Il2tAtw2024!”. 
  5. Avoid common words and personal information: Steer clear of using obvious words or personal information such as birthdays, names of pets, or family members. Do not use sequential numbers and letters such as 1234, qwerty, jklm, 6789 
  6. Do not reuse passwords: Every device, application, website, and software requires a unique and strong password or PIN. Remember, if a cyber criminal does guess one of your passwords, they will use this to attempt to hack into all of your personal and professional accounts. 
  7. Use a password manager: As mentioned earlier, a password manager can help you store and manage your passwords securely. It can generate strong, random passwords for you and remember them, so you don’t have to. 


Overcoming the Post-it note perils

The simple act of writing down your password and leaving it on a post-it note can have far-reaching consequences. It’s a small mistake that can open the door to significant security breaches. By adopting strong password practices, utilising technology such as password managers, and fostering a culture of security awareness, individuals and organisations can significantly enhance their defences against cyber threats. This best practice will also protect your personal information and reduce the likelihood of your financial and banking information being compromised. 

Remember, in cybersecurity, even the smallest detail can make a big difference. So, think twice before reaching for that post-it note.