Need to hack a password? Try "password1." It has everything you need: a capital letter, a number and just enough characters to pass muster with Active Directory. And of course, nobody would think of it. Just ask all the people who use it. It's one of the passwords that hackers try first. That is, of course, assuming the password isn't lying around on a desk somewhere in plain sight. In approximately 15 percent of physical security tests performed by the Trustwave at client sites last year, written passwords were found on sticky notes and other scraps of paper in plain view.