Aside from how painful that sounds, paper notepads can easily get lost. And if she's out and wants to check stuff on her phone (or trying to check her bank account at my aunt's home, or whatever), is she supposed to carry it all around and risk getting it stolen? If that's the implication, I'd rather she just have kitten4 at that point.
(And re: the grandma thing: it's nothing specific to grandmas, it's because the moment you suggest your audience is "college educated developers in their twenties" as in your case, people throw the notion of UI/UX out the window and recommend you suggest they compile their own kernel first. It seems you just can't win.)
If we make a crude risk assessment, it is way more likely that her account will be randomly hacked by a botnet if she has "kitten4" as a password than someone actively stealing her purse to get her passwords. And if the notebook with passwords was stolen/lost, she would at least know it and be able to take preventive measures.
For most people, writing (good and unique) passwords down in a notepad is a way more secure system than having the same bad password for every account.
Having a botnet guessing the random "kitten4" password for a random user account is as likely as having your purse stolen for the passwords on that note. FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication, even if you allow brute force attacks. Empirically speaking, obviously it's going to fail in the end, but I hope you get my drift.
> FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication
This is very counter-intuitive. Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?
In the kitten4 example, I would guess most botnets are working from a list of usernames/email addresses that they got from leaks.
We are obviously talking about a different stereotype. My “grandma” already keeps various notepads - recipes, appointments, address books. And she never has an urgent need to check her bank account while at Auntie Rita’s. As such, this fits her needs and workflow.
Yeah. In fact most likely, she's already written down "kitten4" in a notepad somewhere, because she doesn't trust herself to remember. So asking her to use a slightly longer password is not a massive change.