For most people, the vast majority of the systems and services we use depend on us having access to a particular email account – that is ultimately how we are authenticated – not through knowing a password, but through our ability to access the email account we registered with. I can forget all of my passwords and still have access to all my accounts by clicking 'forgot password', so long as I still have access to the registration email.

Knowing and protecting the password/access-rights to that email account is really really important – knowing the passwords to all the other accounts, ultimately, not so important.

Personally, I try to use a strong but memorable password for my main email account (easier said than done, of course) and store that password only in my brain. That way (assuming my email service provider hashes passwords) no plain-text copy of it should ever permanently exist anywhere in the Universe other than encoded in my neurons (unless someone exfiltrates it during a logon – which is of course possible for any password-based system if either end-point is dodgy or there is a man-in-the-middle – but hey – nothing is perfect).

Also, I agree with some here that paper (as an aide-mémoire for strong but less essential passwords) should no longer be blanket ruled out.

I remember reading an interview a while back with one of Google's security bigwig admins – he said he always used strong passwords, a small number of which he memorised, but most of which... he recorded with the aid of a physical (paper) notebook.

Quelle horreur!

The threat landscape has changed: malware and assorted hacks mean that the security of end-point devices, and in some cases even of data on servers, might (in some scenarios at least) be rather worse on average than the security of a piece of paper (or several pieces of paper) stored physically in a building or on one's person.