Oh, they are. I keep telling people to WRITE DOWN YOUR PASSWORDS, and NEVER use same password on two sites. They dont listen. Its a lot easier to just remember 1-4 variations of a password and use that than carry around a password notebook. And they think themselves safe.

Honestly, the best solution for this is a password manager and not a notebook. The average person is not going to come up with strong passwords on their own for every website. A password manager once setup can be more convenient than whatever they were doing before, so if you can get people to use one they'll be in much better shape.

I’m thinking most people shouldnt use passwords at all anymore. They are a huge point of failure because people are people. We need something else to be the norm. How can we make hardware keys or something the norm for logging in? Have everyone carry around a bankcard-like thing that fit into every computer where people need credentials. Would’nt that be safer while still being accessible and convenient?

My understanding is that this is basically what the whole passkeys initiative is. I have sort of mixed feelings on it. Hardware tokens for logging in is great, but I worry about people stealing the hardware tokens from others. Mostly people are going to use their phones, though, which should have some other mechanism of authentication.