In today's security climate, passwords are apparently no longer enough to guarantee user authentication. We see a lot more discussion around that area, and sometimes the conclusions contradict each other.
See also: http://news.zdnet.co.uk/internet/0,39020369,39218136,00.htm
However, I cannot completely agree with the statement that if a user writes down his password, this is always a bad idea! What's the better way: a single, simple-to-remember password for all accounts, or multiple complex passwords that are written down somewhere (perhaps coded)? Doesn't it depend on where the attack comes from? Doesn't it depend on the risk of exposure of the written-down password? Of course, two-factor authentication is normally stronger than a username/password combination, but is it not possible to have strong AND usable passwords?
Well, a good chance to hear about or discuss such topics is to visit us at Security-Zone at the Password Session! Hope you will be there! http://www.security-zone.info/php/congresso/products.php?pos=30b01