In responding to an article referenced on reddit.com, a questioner asked "Why not use passwords you will remember? Writing down a password is the worst security breach there is—but it's a reality…people are going to do it." Here's my response. It's almost identical to the referenced ones, but hey, I want to be on record with a "me too" here…
Why not use passwords you will remember? Because any password you can memorize in one go, without an extremely strong memory and an effort of will, is not secure enough. You need an absolute minimum of 64 completely random bits' worth of entropy for your password to be any good against brute-force attacks by a modern computer; that's 11 random characters from the normal ASCII letters, digits, and punctuation. You may be able to quickly and permanently memorize a password like "xk3K16NdWD#", but most people have a hard time with it.
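An added example, not code from the original post: it works through the entropy arithmetic above and generates a password that meets the 64-bit floor using the operating system's CSPRNG. The function names are hypothetical, and the entropy figures assume every character is drawn uniformly and independently.

```python
import math
import secrets
import string

# Alphabets named in the post: ASCII letters, digits, and punctuation.
ALNUM = string.ascii_letters + string.digits   # 62 symbols
PRINTABLE = ALNUM + string.punctuation         # 94 symbols


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of a password whose characters are drawn uniformly and
    independently from `alphabet`. This measures the generator, not any
    one string: a human-chosen password of the same length has far less."""
    return length * math.log2(len(set(alphabet)))


def min_length(target_bits: float, alphabet: str) -> int:
    """Smallest length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(target_bits: float = 64, alphabet: str = PRINTABLE) -> str:
    """Generate a password with at least `target_bits` of entropy from the
    OS CSPRNG (`secrets`), never the predictable `random` module."""
    symbols = sorted(set(alphabet))  # de-duplicate so each symbol is equally likely
    if len(symbols) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    n = min_length(target_bits, alphabet)
    return "".join(secrets.choice(symbols) for _ in range(n))


if __name__ == "__main__":
    for name, alpha in (("letters+digits", ALNUM), ("plus punctuation", PRINTABLE)):
        n = min_length(64, alpha)
        print(f"{name:17} {len(alpha):3} symbols: {n} chars "
              f"= {entropy_bits(n, alpha):.1f} bits")
    print(f"11 printable chars = {entropy_bits(11, PRINTABLE):.1f} bits")
    print("sample:", generate())
```

Letters and digits alone need 11 characters to pass 64 bits; with punctuation included, 11 characters carry roughly 72 bits.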
Writing down a password is not the "worst security breach there is". It's changing "something you know" to "something you have". Other forms of "something you have" security, such as door keys, have been quite effective for hundreds of years. Most folks who would steal your wallet are equally uninterested in your house key and your password list.
Besides, with modern PDAs you can store your password list encrypted with a memorized master password that's secure against at least casual attack, greatly reducing the risk. "Something you have" plus "something you know" is a great combination; witness your ATM card and PIN.