A basic rule of password-based security is "don't write down your password." A second rule might be "don't train people to write down passwords." And a third rule, which few follow, is "don't adopt password policies that lead to people writing their passwords down" (over-aggressive change requirements often have this effect, for instance).
Best Buy hasn't received the memo, apparently. This past Friday I came in contact with a surprisingly bad password policy in action as I shopped with my brother for his new computer in Scottsdale, Arizona. He had settled on an HP Windows 7 machine and was in the process of paying for it when a Best Buy employee handed him an 8.5” by 11” sheet of paper labeled “PC Recommendation Worksheet.”
