Bruce Schneier has published an article on "Safe Personal Computing" on his blog. If you are interested in information security or privacy issues, you should keep an eye on Schneier's work. I can't say that I disagree with a word in this article, including his advice on passwords:
"You can't memorize good enough passwords any more, so don't bother. For high-security Web sites such as banks, create long random passwords and write them down. Guard them as you would your cash: i.e., store them in your wallet, etc."
This advice runs contrary to the "best practice" of never writing down passwords that we've been giving our users for the bulk of the ten years or so that I've been in the IT business. Weak passwords seem to be the primary cause of most of the system compromises that I've seen in the last year or so. I would much rather have users use strong passwords and write them down than have weak passwords that are easily guessed by worms and automated tools.