by schmichael 1391 days ago
If the password journal my mom left at my house while visiting is any indication: absolutely not.

Use a password manager, remember a 2nd password for your email yourself, and then use a second factor for as many things as possible. USB keys are best, but anything is better than nothing: SMS, Authy, Google Authenticator, phone call, whatever. Chrome and Safari both have password managers these days, and some Chromebooks even have a built-in second factor. 2FA is still a hassle for sure, but it's getting better all the time.

3 comments

People like to dunk on the password journal but I find it hard to believe that someone is going to break into your mom's house as the way to access her bank or Facebook account.

It's a horrible idea to leave the password for the database sitting next to the admin's workstation. But physical access is a vastly different concern for a corporation than an individual.

Threat surfaces are different for different people. I'd _love_ if my parents kept a separate password notebook instead of an unlocked note on their phone.

2FA is obviously good but different. But a notebook is an entirely offline password manager, and it immediately lets people do one of the most important things, which is to not repeat passwords.

Yup. Writing passwords on paper, at home, is just about as secure as it gets.
Self-hosted, on-prem, 2FA (something you have and somewhere you are). If your handwriting's bad enough you're almost pushing into some kind of biometric lock.

:)

The password journal is probably the safest, providing the passwords themselves are strong. The likelihood of someone compromising your mom's passwords online is an order of magnitude greater than someone breaking into her house and copying her journal.
Unless she picked bad ones, or is prone to leaving it places, what exactly is the problem with the journal?