I'm a 20-something and yeah, I'm guilty of passwords on Post-its, passwords in unencrypted text files.
Fact is, I have about 40 business logins for various systems. I also work in an access-controlled office. Anything critical like the crown jewels or stuff that actually matters, sure, I'll keep in my head, or write down in obfuscated form.
But the HR system to book my holidays? Pah. The learning system to do the "how to sit at your desk" courses? Nope. Even my performance review tool - you can enter loads of comments about how you think I've done - you're welcome to do it - my manager never reads it anyway. My SAP user account - again, feel free to book my hours for me. My hire-car account. My company conferences account. My student loan balance login. The department milk fund Excel sheet. None of these hold anything even remotely interesting or useful which can be stolen: no credit cards, no addresses, just mind-numbingly boring information about me.
The employee data system with my bank details and health records - that ain't written down. Neither is the one that grants access to the company IP, as that requires the 2FA RSA key. The problem is that in business, every single time you need to view information, the default is to require a password, when a username alone would do. We're rolling out enterprise single sign-on, but the completion date is October 2375. Until then, I'm going to keep them all in an easily accessible, easily hacked form because I don't flatter myself that people would actually care.