Bit by bit, people will memorize long passwords, too, after repeated exposure and handling, and at that point they will stop using the piece of paper with their long, hard-to-guess password scribbled down on it, and it will have turned into one more memorized password.
The one single long password I have is 28 characters long; a random password I tapped on the keyboard and then wrote down on a piece of paper, used to administrate my ADSL modem's NAT/wifi/etc. which sadly can't be configured to allow only local login, hence the need for an "unguessable" password - however, not only have I inadvertently, from typing in the password many times, memorized the full password by the character, but I've also inadvertently memorized it motorically, and can without thinking repeat it on the keyboard in a second.
I agree fully with Schneier's advice, though, as the longer and the more random the password, the lower the chance of a dictionary or brute-force success, but I'd store the piece of paper somewhere other than in my wallet :)