Not changing passwords was recommended by IBM many years ago. It is a mystery why so many organisations were fixed on a counterproductive change regime. If somebody who wants it gets your password they will use it now, not in 4 weeks' time.

I reuse a few passwords, not written down, with salt, for sites that I regard as not being important, like TheRegister. My machine passwords are not written down, but then I have not changed them in many, many years. For important sites like banks, they are hugely complex and written down, because that is the only way I can remember them, in a book kept next to my computer, in a mildly obscured form that I trust would fool a passing opportunist, but not, I am sure, a real spook, but then they have, I am also sure, other means of accessing my accounts...

I think I have been safe, so far, touch wood, but who can be sure? I did have card details stolen once, but my bank spotted it before it was used. I think they were for sale on a list somewhere.

All the above is very slightly inaccurate, but I will not say how.

