Years ago I was present during a security check on some computer systems, and the guy doing the inspection asked a worker to log into a particular system. The guy started reaching into a file cabinet ...
The Inspector said: “Did you write down your password? Is that what you’re reaching for right now?”
The guy said, “Uhhhhhhh. No. Because .... uhhhhh ... that would be bad ... right?”
The inspector said, “Look, if you tell us there is a password written down in that file cabinet, it’s bad. But it’s not that bad. If you tell us that you don’t write down passwords, and we find out that you do write down passwords ... then it’s REALLY bad. Get it?”
Guy: “I write down passwords.”
Inspector: “Okay.”
Yup - as the saying goes “it’s the coverup” that is the bigger problem.
I’m not against storing passwords - just, if a person does it, change the file extension from .txt,.doc or whatever, to .dll or other name & extension that doesn’t attract attention. Also, encrypting the file helps.