Nobody paying attention was trying to get regular people to stop writing their passwords down. Threat models matter, there are no regular people for whom "Bad guys steal the book I wrote my passwords in" is a real threat. I bought my mother a nicer (but still inconspicous) Password Book for Xmas. Do I use one myself? Of course not, I have a password manager - but I run vi and flood-wired my home with Cat5 and my mother won't be doing either of those things either.
Regular people get done by credential stuffing, by phishing and straight up guessable passwords. Two out of three of those is fixed by having lots of separate passwords written in that old diary kept in the third desk drawer.
Phishing is hard, against online phishing (as opposed to lazier attacks that collect credentials offline to use later) the only really good defence is WebAuthn/ U2F and too many sites ordinary people care about don't offer that.
I agree to some extent, however most people I have seen with password books still have very simple passwords and often reuse them or create them with simple rules (pet's name + year born + first three characters of the site I'm logging into).
Regular people get done by credential stuffing, by phishing and straight up guessable passwords. Two out of three of those is fixed by having lots of separate passwords written in that old diary kept in the third desk drawer.
Phishing is hard, against online phishing (as opposed to lazier attacks that collect credentials offline to use later) the only really good defence is WebAuthn/ U2F and too many sites ordinary people care about don't offer that.