I think Bruce Schneier actually recommends writing stuff down. Probably not a post-it on your monitor, but in your wallet or something. For most people that's not the high risk avenue of attack. One thing I'd suggest with that is 'dehydrating' or 'poisoning' what you write down: either don't write down the whole thing, or add a decoy part you know to leave out, or both. That way if someone does get the record, it's not immediately useful; a mugger or SO is more likely to give up than use it as the basis of a faster brute force attack. Dehydrating is probably more robust, vs. multiple passwords with shared poison.
It's a bit like having a password app, except instead of having a master password to unlock or hash=generate final passwords, you have a master password[1] to generate via appending or prepending or such.
[1] If you have one strong shared component; you could also have multiple weaker ones. Password length limits sometimes force that.