
Absolutely. I use a password manager for everything except a handful of ultra-critical sites, mostly things involving money or attack vectors to get access to my email. For those sites I don't trust to store in LastPass, I write the passwords down on paper. But I also do something I haven't seen others recommend:

Have a (logical) salt for all of the passwords. Don't write down that salt.

So, if you found my piece of paper with passwords, you might see something like this:

Etrade - I1999IbmfsaaymIwIbmoi

Gmail - D9cjeawfocsIdkwhtfts4r

But my actual passwords are something like this:

Etrade - I1999ibmfsaaymIwibmoi804WMainStreet

Gmail - D9cjeawfocsIdkwhtfts4r804WMainStreet

804WMainStreet is tacked on to the end of all of them, but you wouldn't know that from looking at the sheet of paper. Only my spouse knows the salt, and it's easy for us to remember, e.g., maybe 804WMainStreet is the address of the first place we lived together. In theory, this is reducing randomness, which might make it easier to crack one knowing the others, but I'm not super concerned about that.

The two most important elements of security for regular consumers are: 1) Use different passwords for everything. 2) Use multi-factor auth when available.

Whatever you have to do to achieve that is better than not doing it.

*And I actually use initialism for these passwords so I don't have to pull out the piece of paper often, only when I forget. In this example, the Etrade password might be derived from "In 1999 I bought my first stock as a young man. I wish I bought more of it."
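The "written prefix plus memorised suffix" scheme in the comment above, as an added example that is not the commenter's own code: it derives the initialism the commenter describes, appends the suffix, and then shows the weakness the commenter concedes, namely that one plaintext leak together with the sheet gives away the suffix for every other entry. The sheet entries and the suffix are the constructed values from the comment; the regex and function names are my own.

```python
# Added example (not from the original comment): the "written prefix +
# memorised suffix" scheme, with the initialism derivation the commenter
# mentions, and the weakness they concede: one leaked plaintext plus the
# sheet gives away the suffix for every other site.
import re

# Constructed sample data matching the comment's illustration.
MEMORISED_SUFFIX = "804WMainStreet"   # never written down; shared by all entries
SHEET = {                             # what the piece of paper shows
    "Etrade": "I1999IbmfsaaymIwIbmoi",
    "Gmail": "D9cjeawfocsIdkwhtfts4r",
}


def initialism(sentence: str) -> str:
    """First character of each word, keeping case; numbers are kept whole.

    "In 1999 I bought my first stock ..." -> "I1999Ibmfs..."
    """
    words = re.findall(r"[A-Za-z0-9']+", sentence)
    return "".join(w if w.isdigit() else w[0] for w in words)


def full_password(written_prefix: str, suffix: str = MEMORISED_SUFFIX) -> str:
    """What is actually typed into the site: sheet entry plus the secret suffix."""
    return written_prefix + suffix


def recover_suffix(leaked_password: str, written_prefix: str):
    """Attacker view: with the sheet and one plaintext leak, the suffix falls out.

    Returns None if the leak does not start with the written prefix.
    """
    if leaked_password.startswith(written_prefix):
        return leaked_password[len(written_prefix):]
    return None


def derive_all(sheet: dict, leaked_site: str, leaked_password: str) -> dict:
    """Apply a suffix recovered from one leaked site to every other sheet entry."""
    suffix = recover_suffix(leaked_password, sheet[leaked_site])
    if suffix is None:
        return {}
    return {site: full_password(prefix, suffix)
            for site, prefix in sheet.items() if site != leaked_site}


if __name__ == "__main__":
    sentence = "In 1999 I bought my first stock as a young man. I wish I bought more of it."
    print(initialism(sentence))                 # equals the Etrade entry on the sheet
    etrade = full_password(SHEET["Etrade"])
    print(etrade)
    # A plaintext leak of the Etrade password plus the sheet yields Gmail.
    print(derive_all(SHEET, "Etrade", etrade))
```

The point of `derive_all` is the one the commenter waves off: the suffix is shared secret material, so its protection is only as good as the least careful site that ever sees the full password in plaintext (a phishing page or a site that logs passwords). The sheet itself is safe only while no such leak has happened.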




> *And I actually use initialism for these passwords so I don't have to pull out the piece of paper often, only when I forget. In this example, the Etrade password might be derived from "In 1999 I bought my first stock as a young man. I wish I bought more of it."

Ideally, you'd just set "In 1999 I bought my first stock as a young man. I wish I bought more of it." as your actual password :)


Can't really argue with that. I guess I got into the habit of using initialisms because a lot of sites had limits of 32 characters for passwords.

But that's probably less true these days. Since they should be hashing the password anyway, why not allow something huge, say up to 1000 characters?
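A server-side password store that does what the comment above asks for, as an added example (not code from the thread or from any site mentioned in it): it hashes with scrypt, so the stored record is a fixed size regardless of passphrase length, and the only limit it keeps is a byte cap that bounds KDF work per login attempt. The cap value, scrypt parameters and function names are assumptions; the sample passphrase is the sentence from the earlier comment.

```python
# Added example, not code from the thread: a server-side password store that
# hashes with scrypt, so there is no storage reason for a 32-character limit.
# It still caps the input length: the cap bounds KDF work per login attempt,
# not how long a passphrase may sensibly be. Parameter values are assumptions.
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 1024                      # DoS bound on KDF input (assumed)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # ~16 MiB of memory per hash
DKLEN = 32

# Constructed sample: the sentence from the earlier comment used as a password in full.
SAMPLE_PASSPHRASE = "In 1999 I bought my first stock as a young man. I wish I bought more of it."


def _length_ok(pw: bytes) -> bool:
    return 0 < len(pw) <= MAX_PASSWORD_BYTES


def hash_password(password: str) -> dict:
    """Return a self-describing record (salt, parameters, digest) for storage."""
    pw = password.encode("utf-8")
    if not _length_ok(pw):
        raise ValueError(f"password must be 1..{MAX_PASSWORD_BYTES} bytes")
    salt = os.urandom(16)
    digest = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return {"salt": salt.hex(), "n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P,
            "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Constant-time comparison; over-long input is rejected before any KDF work."""
    pw = password.encode("utf-8")
    if not _length_ok(pw):
        return False
    digest = hashlib.scrypt(pw, salt=bytes.fromhex(record["salt"]),
                            n=record["n"], r=record["r"], p=record["p"], dklen=DKLEN)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    record = hash_password(SAMPLE_PASSPHRASE)
    print(len(SAMPLE_PASSPHRASE), "characters stored as", len(record["hash"]) // 2, "bytes")
    print(verify_password(SAMPLE_PASSPHRASE, record))        # full sentence verifies
    print(verify_password(SAMPLE_PASSPHRASE[:32], record))   # a 32-char cut is a different password
```

Two caveats a practitioner would add. The byte cap is there because a client can otherwise submit megabytes into the KDF on every failed login; it is a rate-of-work control, not a policy on passphrase length. And the choice of hash matters for long input: bcrypt silently uses only the first 72 bytes of the password, so a site on bcrypt that accepts long passphrases is quietly ignoring the tail unless it pre-hashes; scrypt and Argon2 have no such truncation.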




