Message 29 of 76
Simple Two-factor Authentication
Even Bruce Schneier has been quoted as saying that people might as well write their passwords down, as without the context (i.e. the username), a password by itself is not worth much. Other security mavens have stated that it is better to have a strong password for a year than a series of weaker passwords.

Why not take these and expand them into a simple (and inexpensive) two-factor authentication method? In this method, a random password would be generated and put onto a card. This random password will be half of the actual complete password. The second half (or first half) of the password will be something the client can easily remember. In order to log in, the client will need to type in the password part from the card in addition to their own password part to form the complete password.

The card, by itself, is useless and the client will be less likely to write down the first part of the password. The client will also not be able to log in without the card (unless they have a good memory), and if they lose the card, a new one can be quickly generated. The primary drawback to this system is that it is a little more labour-intensive, as the client must be present in order for the second part of the password to be entered. However, it is inexpensive and quite effective.
Posted by salmonslayer
21st Jan 2008
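An added illustration of the card scheme described in the post above (example code, not from the original post or its author): the server stores only a salted hash of the memorized half concatenated with the card half, so neither half is useful alone, and a lost card can only be replaced with the client present to re-enter the memorized half. Function names, the PBKDF2 work factor and the card length are assumptions.

```python
import hashlib
import hmac
import os
import secrets

# Assumed parameters; the post specifies no work factor or card length.
ITERATIONS = 200_000
CARD_BYTES = 9  # token_urlsafe(9) yields 12 printable characters for the card


def issue_card() -> str:
    """Generate the random half of the password that is printed on the card."""
    return secrets.token_urlsafe(CARD_BYTES)


def _derive(salt: bytes, complete_password: str) -> bytes:
    """Salted, iterated hash of the complete (memorized + card) password."""
    return hashlib.pbkdf2_hmac("sha256", complete_password.encode(), salt, ITERATIONS)


def enroll(memorized_part: str, card_part: str) -> dict:
    """Store only a salted hash of the combined password; neither half is kept in clear."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(salt, memorized_part + card_part)}


def verify(record: dict, typed_password: str) -> bool:
    """Login check: the client types the memorized half followed by the card half."""
    candidate = _derive(record["salt"], typed_password)
    # Constant-time comparison so timing does not leak how much of the hash matched.
    return hmac.compare_digest(candidate, record["hash"])


def reissue_card(memorized_part: str) -> tuple:
    """Lost card: the old card half was never stored, so the client must be present
    to supply the memorized half again; a fresh card half and record are generated."""
    new_card = issue_card()
    return enroll(memorized_part, new_card), new_card
```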