Writing down passwords can certainly work, especially if you have decent physical security. That said, it comes with a lot of weaknesses and limitations:
- People tend to reuse passwords, instead of creating new passwords in their journal for every site. I myself have 1,260 accounts in my password vault — this would be a huge journal.
- In general people don’t understand proper password complexity, leading to passwords that aren’t very secure.
- Written passwords don’t protect you from phishing, one of the most common types of attacks people are frequently subject to. Your password manager knows that you’re not on amazon.com or apple.com or mail.google.com, even though the page might look pixel perfect. For many people, being able to distinguish between authentic sites and phishing sites can be very difficult, but password managers save you from this concern.