Change Your [*******] Password Already!

Okay, the larger scale National Change Your Password Day dreamed up by Gizmodo and Lifehacker was 2/1/2012 but I’m willing to bet more arts managers than not aren’t regular readers of either outlet; as such, today is the arts manager edition, loving dubbed Change Your [*******] Password Already!, or CY*PA (ˈsī ● pa) for short. Here’s what you need to get started.

It Takes More Than Capitalizing The First Letter Of Your Old Password

passwordsThe sad truth is most passwords are awful; they are easy for hackers to crack because they are common phrases or numerical sequence like “123456.” And changing your password from “mahlerrocks1” to “Mahlerrocks1” doesn’t count as an improvement.

Fortunately, improving this part of your online security is easy, just visit a random password generator like and it will do the heavy lifting in milliseconds. But if you want to micromanage the job and pick your own characters, keep in mind that a good password…

  • uses at least 15 characters.
  • uses uppercase and lowercase letters.
  • uses numbers.
  • uses symbols.


  • isn’t your actual name or account username.
  • isn’t a family member’s name or birthday.
  • isn’t the name of a famous composer or performer.
  • isn’t a word found in the dictionary.


Password Fail

Do you see your password in this Wordle cloud? If so, chalk up a fail today since you just became a statistic of the 500 most common passwords (click to enlarge):

password fail

There’s More? Really?

Hold on a moment, we’re not done yet. You also need to make sure you aren’t using the same password at multiple sites and that begs questions like:

“How the [****] am I supposed to keep track of everything?”

Fortunately, Gizmodo published a terrific resource in conjunction with their other password day articles that reviews the pros and cons of free and pay based password managers.

One of the top resources they recommend is one I use: LastPass. It’s nice because it can sync your passwords across multiple devices and although there is a free version, I recommend signing up for the pay version (it’s only $1.00/month).

The upside is after you have everything set up, you can rest easy that your database, box office, office email, or website admin panel won’t get hacked because some lowlife had an easy time cracking the not-as-clever-as-you-thought password consisting of your mother’s maiden name preceded by a combination of the last two digits of her birth year and your birth year.

Why This [****] Matters

Beyond the fact that you don’t want to be known around the office as “that guy” or “that girl” there are plenty of reasons to consider, some more obvious than others:

  • You won’t have to worry about your IT department “accidentally” setting your spam filter to “none shall pass.”
  • Nonprofit performing arts accounts are notoriously vulnerable when it comes to basic security issues such as passwords and when you consider how much personal info is stored in box office and CRM databases, that should be enough to scare you into action.
  • Budgets are still pretty tight at most organizations and the costs in time and treasure associated with cleaning up hacked accounts is staggering to most folks who aren’t already aware. It’s not unlike when someone learns how much a good violin bow costs.
  • By and large, it’s a preventable problem. Granted, if someone really wants to hack your organization and they have the time and resources, there’s not much you can do besides keeping as much info behind separate firewalls as possible. But that’s not all that likely compared to someone like the Pentagon, yet you can keep the garden variety hackers out by using strong passwords and changing them frequently.
  • The days of setting up your password once and leaving the same for years on end are gone. Pine for them all you want but they are as dead as Debussy (the composer, not his music).


I know, the last thing anyone needs is another mindless task. So if it helps, feel free to curse me while you’re getting all of this done. I’ll gladly accept a little cathartic vilification if it means improved password security throughout the field.

In the meantime, help spread the word about CY*PA and FaceTweet+ the daylights out of this article using the social sharing icons below or go old school and send an email.

If you do it soon enough, you’ll get in on the ground floor of wallowing in all of that self-righteous crapulence that comes with being the first of your friends to recommend doing a great thing. So what are you waiting for?

About Drew McManus

"I hear that every time you show up to work with an orchestra, people get fired." Those were the first words out of an executive's mouth after her board chair introduced us. That executive is now a dear colleague and friend but the day that consulting contract began with her orchestra, she was convinced I was a hatchet-man brought in by the board to clean house.

I understand where the trepidation comes from as a great deal of my consulting and technology provider work for arts organizations involves due diligence, separating fact from fiction, interpreting spin, as well as performance review and oversight. So yes, sometimes that work results in one or two individuals "aggressively embracing career change" but far more often than not, it reinforces and clarifies exactly what works and why.

In short, it doesn't matter if you know where all the bodies are buried if you can't keep your own clients out of the ground, and I'm fortunate enough to say that for more than 15 years, I've done exactly that for groups of all budget size from Qatar to Kathmandu.

For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, keep track of what people in this business get paid, help write a satirical cartoon about orchestra life, hack the arts, and love a good coffee drink.

Related Posts

Comments (powered by Facebook)


Subscription Weekly
weekly summary subscription
Subscription Per Post
every new post subscription

Send this to a friend