
This. A thousand times this.

Passwords are HARD to remember, but it's better to have them at hand than to ask for a new one every two days because we didn't have time to remember it (my school stored students' passwords in clear text in their DB and gave them out printed on paper sheets. Four years later, I still have this sheet in my wallet; my three passwords never got compromised, and I memorized each of them after less than two weeks of heavy usage).

> IT professionals usually run screaming for the hills if you talk about writing a password down

I can understand that. You and I keep our passwords in our wallets. Some employees keep them on post-its taped to their computer screen at work.

If a password I keep in my wallet gets compromised because it's been stolen with the wallet, I have more pressing matters to deal with than "oh crap, a random guy who stole my wallet in the subway may use it to access our repo and add bad code in my name".

The point about "not that bad" is that security is an illusion: you can use a thousand passwords everywhere with different sets of keys for GitHub, server A and server B, change your password every week and never write it down, plus a little bit of tin-foil-hat paranoia... But in the end, a $5 wrench will make you spit out all the access keys needed by someone who REALLY wants access.



I've kept a post-it under my keyboard for years with "How do you keep a security auditor busy?" written in a pigpen cipher.



