Layman's view: Post it notes - the best security for the online age?
The low tech approach seems much more secure to this layman. Using sticky notes would enable longer, more secure passwords to be written down that can be easily changed regularly without stressing fading memories or taxing support staff with forgotten passwords. So long as it's kept in an individual's wallet or purse, then I'd regard that as much safer than pretty much any currently available technical means to protect it. And if as suggested, there was a substitution on at least one character then it'd be useless to anyone who did read it anyway.