| I know that you're not suggesting that people should reuse one password across multiple services. In your model: 1) I have to lose my wallet and 2) Not change my password and 3) You have to know my login email address and 4) You have to find which service the email and password work for ...and all of these have to happen in the time between setting a new strong password and learning that strong password. Because when you've learnt the pass you stop carrying it around. If you lose your wallet there's a bunch of stuff you need to do. You need to cancel your cards, for example. Keeping a single password in there (for the short time it takes you to remember it) means that there is one more step added - you need to change that password. You're also failing to do a sensible risk analysis. The threat model for passwords is "hackers, anywhere in the world". The Venn diagram of that very big set has a teeny tiny intersection with the much smaller set of "people who have access to my wallet if I happen to lose it". Writing down a good password means that you get to use a good password. You get to choose a properly strong password, with many characters of mixed case including numbers and specials; or a 6-word passphrase. |