Originally Posted by
Globaliser
I suspect that a common bad habit is that increasingly-complex passwords simply get written down on paper and kept near the machine in question.
It's a matter of assessing what you consider to be the threat to the system to decide if this is as bad an idea as it might initially sound.
If the main threat actor is:
- a cyber criminal then the written-down complex password works perfectly.
- a physical thief or an insider threat then you are in a bit of trouble.
- state sponsored hackers or hacktivists then you probably have to have a really good think about your life choices!
My retired father has a password book that sits on his desk at home and has yet to have any on line account breached.