[__ddd__]

Well if you're willing to compromise on security by trusting a password manager / encrypted volume (plus user opsec) to store your passwords, there are other compromises one can make to facilitate easier memorization. Security by obscurity is a worthless feature when designing a cryptographic system, but it is an invaluable tool for your own personal opsec. Reuse some passwords for services with a lesser threat model, with slight changes. Is it sub-optimal? Sure, but so is trusting a black box program with your passwords, probably running on your everyday (read: unsecure) computer. As your parent noted, you can't automate low tech cryptanalysis, and you're really not that important.

[Buge]

Like you point out, my everyday desktop is already not very secure. I use most of my high value accounts fairly frequently. So most of my accounts would be compromised regardless of what password scheme I use. Installing an open source password manager doesn't lower my security by much.

Previously I tried to memorize passwords. I ended up forgetting a lot. It was frustrating trying to remember what my password was, or even whether I had an account on the site or not. The user experience of being able to ctrl+f through all the accounts that I have in my database is very refreshing.

I have a quite high value video game account, and 6 people have specifically targeted me. They've attempted various things, such as trying to exploit password reuse, and utilizing previous website database breaches that I was in.

[landryraccoon]

See, for your video game accounts imo writing down your password is just a no brainer. Unless you're protecting your account from family members or roommates, nobody is going to steal a piece of paper. And what government agency cares about your video game passwords? If they want to get into your blizzard account they'll just ask blizzard for access.

[Buge]

I have had family members play pranks on me, so that is one attack I'm trying to avoid. But even ignoring that there are problems. Do I keep the paper at my desk? If so, what do I do if I want to log in on my phone when I'm not at home? And like I said, there's the risk of the house burning down. My house is kind of a mess, and I have lost pieces of paper before. I could keep it in my wallet, but what if I lose my wallet? I guess I could keep multiple pieces of paper, but that just increases the chance that I would lose one. And I then I have to worry about keeping the papers in sync. And it's not just the video game account, they also attack the email associated with the video game account, so I have to put that there too. And then the recovery email for that email. Maybe I need to put my cell provider password there too, because people hijack mobile phone numbers some times for sms account hijacking. This just leads to a paperwork overhead problem that would be better for a computer to solve. Digging through my wallet or digging around my desk trying to find a piece of paper, and then typing a password character by character from the paper sounds really annoying.

I don't see what benefit the paper would have. Whether it's paper or a password manager, if my computer is compromised they'll get my accounts with a keylogger.

[__ddd__]

An attack that requires installing a keylogger and communicating the results over a period of time is less robust than an attack that searches your system for passwords at rest. How often do you lose your wallet? Hopefully less often than you change your passwords...

[Buge]

Either way they have to communicate online, and either way there is some data on my disk (cookies). Storing my 500+ password on paper is just not practical, and just storing a small fraction doesn't help much because those would be the most frequently used ones.

I've never lost my wallet, but my brother lost his a couple months ago. I never really change my passwords except when I was switching from my old crap password to unique strong passwords in my database. The problem with losing my wallet would be that I would lost access to all my accounts if that was the only copy of the paper. It would be an availability problem.