Should You Write Down Your Passwords?

"Never write down your passwords" is one of the most repeated pieces of security advice — and it is too simplistic. The truth is more nuanced: writing passwords down has genuine strengths and genuine weaknesses, and the right answer depends on which passwords, written how, and stored where. Let us think it through honestly.

The case against writing passwords down

The classic fears are real in certain settings:

• A sticky note on a monitor or under a keyboard is visible to anyone nearby, including coworkers, visitors, or cleaning staff.
• A notebook left on a desk can be photographed or stolen.
• A list that travels with you can be lost.

In a shared office or public space, a carelessly placed password list is a real risk. This is the scenario the old advice was written for.

The surprising case for paper

Here is what that advice misses: paper cannot be hacked over the internet. A password written on paper and locked in a drawer at home is immune to malware, phishing, remote breaches, and credential stuffing — the attacks that actually compromise most people. A remote attacker on another continent cannot read your notebook.

For many home users, a strong unique password written down and kept in a secure place at home is *safer* than a weak, reused password they can remember. Security experts have increasingly acknowledged this: a written-down strong password beats a memorized weak one.

The nuanced answer

So, should you write down passwords? It depends:

• Writing down a strong password and storing it securely at home: reasonable, especially as a backup. Far better than reuse.
• A sticky note in a shared or public space: a genuine mistake. Avoid.
• A plain-text file on your computer: risky, because it is exposed to any malware or anyone with device access. Worse than paper in many ways.

The danger was never "paper" specifically — it was *insecure storage*, whether that is a visible note or an unprotected digital file.

The best of both worlds: a password manager

A password manager is essentially a secure, encrypted place to "write down" all your passwords — searchable, autofilling, and protected by encryption. It gives you the benefit of not memorizing passwords without the risks of a visible note or an exposed file. For most people, this is the right primary system. See do you need a password manager. On a Mac, Passlock stores passwords offline in the encrypted Keychain — a secure digital vault that never leaves your device.

When writing things down is genuinely good

A few things are worth recording on paper and storing securely:

• Your master password or password-manager access details, as an emergency backup, sealed in a safe.
• Your 2FA recovery codes.
• A digital legacy plan for loved ones. See digital legacy password plan.

These are exactly the secrets you cannot afford to lose, and a secure physical backup is prudent.

The bottom line

"Never write down passwords" should really be "never store passwords insecurely." A strong password on paper in a home safe is fine, even smart, as a backup. A sticky note on your monitor is not. For everyday use, a password manager beats both — and for a few critical secrets, a secure written backup is wise.