Originally posted here by MsMittens
Not by much. Especially given the way people are in public. I went for sushi today and listened to a group yapping about work. One guy was on his Blackberry and leaving it in public view. I've seen people leave their wallets open after taking out their credit cards. Any sticky notes, which often lose their "stickiness" in a hot wallet, tumble out, unbeknownst to the wallet owner. Personally, IMO, it leads to slack security views and a false sense of security.

Either do it all or not at all. Half-assed security doesn't help.
I agree, writing it down and keeping the note in your wallet is asking for problems... what if the wallet is lost / stolen?

IMHO a better concept is to combine things to make passwords.
For instance, make a sentence and take every x letter from that sentence and add the number of letters or something similar.
eg: apples are green and trees are brown
aagatab7


About the maximum of 7 chars to be remembered, indeed this is correct. Experimental psychology has taught us that we are only able to remember 7 things. And as a 'coincidence', a week consists of 7 days, and in many countries phone numbers are in parts respecting the idea of 7 chars max; zone number + 6 digits so we can easily remember them. If they consist of more, it becomes difficult.

I do not agree about the training of staff and the difficulties that would bring; a human mind can easily be trained to remember more than 7 numbers in short memory and even in long memory. For example, the waiter in a restaurant can train himself to remember instead of writing down. A system admin using complex passwords daily is probably capable of entering them just out of habit and key sequence instead of recalling them from pure memory, so he / she gets motor aid in typing the password. Some admins probably can't tell their passwords but can type them. This is also related to the post above where people remember a simple word or sentence to construct more difficult passwords. When you add logic you can remember a lot. Next thing is that many companies use fake words for their passwords; they use passwords that sound like words but are not, just a wise use of consonants and vowels done by a password generator. Like for instance: retipogasefym
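
The two schemes from the posts above, as an added example that is not part of the original thread: it derives `aagatab7` from the sentence, generates a consonant/vowel "fake word" like `retipogasefym`, and shows how much entropy that pattern gives up against 13 uniformly random lowercase letters. Assumptions: the sentence rule is read as "first letter of each word plus the word count", and `y` counts as a vowel (the posted sample only alternates strictly under that reading).

```python
import math
import secrets

# Assumed alphabets: 'y' is treated as a vowel so that the thread's sample
# "retipogasefym" fits a strict consonant/vowel alternation.
CONSONANTS = "bcdfghjklmnpqrstvwxz"  # 20 letters
VOWELS = "aeiouy"                    # 6 letters


def mnemonic_password(sentence: str) -> str:
    """First letter of every word, followed by the number of words."""
    words = sentence.lower().split()
    return "".join(w[0] for w in words) + str(len(words))


def pronounceable_password(length: int) -> str:
    """Alternate consonant/vowel, starting with a consonant, using a CSPRNG."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def is_cv_pattern(word: str) -> bool:
    """True if the word strictly alternates consonant, vowel, consonant, ..."""
    return all(
        ch in (CONSONANTS if i % 2 == 0 else VOWELS)
        for i, ch in enumerate(word)
    )


def cv_entropy_bits(length: int) -> float:
    """Entropy of the generator when the alternation rule is known."""
    n_cons = (length + 1) // 2  # even positions (0, 2, ...) hold consonants
    n_vow = length // 2
    return n_cons * math.log2(len(CONSONANTS)) + n_vow * math.log2(len(VOWELS))


def uniform_entropy_bits(length: int, alphabet_size: int = 26) -> float:
    """Entropy of `length` independent, uniformly chosen symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(mnemonic_password("apples are green and trees are brown"))
    print(pronounceable_password(13))
    print(f"CV pattern, 13 chars:   {cv_entropy_bits(13):.1f} bits")
    print(f"random a-z, 13 chars:   {uniform_entropy_bits(13):.1f} bits")
```

The figures describe the generator, not one particular output: they assume whoever is guessing knows the alternation rule, which is the safe assumption when sizing a password policy.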