There is a a story about a nine year old gaining administrator access to his school’s system to change passwords and home work assignments.
[Blackboard] disputes local reports that the installation of its technology at the school was hacked. “It was actually not a hack, unless you consider the fact that the 9-year-old took the teacher’s username and password from the desk a hack,” said Michael Stanton, Blackboard’s senior vice president of corporate affairs told IDG.
If tricking someone into divulging credentials (known as social engineering) is a hack, then taking it “from a desk” is equally a hack. In both cases, the victim thinks the information is secure. However, it has been unknowingly compromised.
In the case of writing down passwords, security professionals admonish users from doing it for exactly the results of this nine year old, Kevin Mitnick, and others willing to exploit lazy users.