I tell my students they must write down their passwords. I do not secure the paper and some one takes it and uses the passwords for nefarious purposes. (OK, this is hypothetical!)

Am I responsible for the breech?

What actions should school and IT leaders take?