Cyber Security

Why you should never store passwords in text documents (or on Post-it notes)

Chloe Ireton

Chloe Ireton

My name is Chloe and I am in charge of all things marketing at Nebula. I started as an apprentice at the start of January 2024, and completed a degree in Graphic Design previously. Outside of work, I love everything to do with motorsports – I try and attend car shows and events as much as possible. Aside from this, I find that being out in nature and walking is very beneficial and allows me to have some time away from the screens.

Published on March 10th, 2025

Working on the Nebula helpdesk, we see all kinds of IT issues. One of the most common (and concerning) ones? Customers keeping a file on their desktop named “passwords.”

We all know passwords are the key to your business security. They protect customer data, financial records, and internal systems. However, too often they’re stored in the worst possible places, like a notepad file or scribbled on a post-it note and stuck to a monitor!

This might seem harmless, but it’s a huge security risk. Here’s why, and what you should do instead.

The dangers of storing passwords in text files

Saving passwords in a Word doc, Excel sheet, or plain text file might feel convenient, but it’s an open invitation for cybercriminals.

🚨 Easily accessible by hackers – Malware and phishing attacks can scan for unprotected credentials on compromised machines.

🚨 No encryption, no security – If an attacker gets access to the file, they instantly have everything they need.

🚨 Accidental sharing – Ever sent the wrong email attachment? It happens. If your password file ends up in the wrong hands, you’ve got a problem.

Post-it notes? Not any better!

Writing passwords on sticky notes might feel like a useful, old-school technique, but not when it comes to important or confidential information. It’s just as risky.

🟠 Anyone can see them – A colleague, visitor, or even a cleaning staff member could easily snap a picture or copy them.

🟠 Easy to lose – Drop that note in the bin (or misplace it entirely), and you might be locked out, or worse, someone else gets access.

🟠 No tracking or control – Unlike a password manager, a Post-it doesn’t tell you who’s seen or used the password.

In a notable case, a security analyst named Aaron Motta exploited poor password management practices to steal nearly $600,000 in cryptocurrency from a client. (modern-networks.co.uk)

The smarter solution: Password managers

To avoid relying on risky habits, businesses should be using password managers – secure, encrypted tools that keep your credentials safe.

Strong encryption – Password managers lock your data behind industry-leading security, keeping hackers out.

No more weak passwords – They generate and store complex passwords for you, so you don’t have to remember them.

Secure sharing for teams – Need to give a colleague access? You can do it without revealing the actual password.

passwords

Final thoughts from Nebula

Good cybersecurity starts with good habits. Get rid of the text documents and Post-it notes and start using a password manager. A little change now can save you from a huge security mess later.

If you would like to know more about our services, feel free to get in touch here. No question is too small and we’d love to hear from you.