I'm starting to think that if you're a security-conscious person and understand what's at stake, then the best solution for you would be to simply memorize it. Your mind is the only place from which an attacker can't steal your password without drugging you or beating you up until you give it out.
The main limitation of that is that your passwords are limited to what you can memorize. Which, for most people, is not very much. Even for just one password, never mind for multiple services. I think if you're a pragmatic security conscious person you'd weigh the trade offs...and I thinking of it as just "simply memorize it" opens you up to other problems.
Yes, I know. But I was thinking about serious people, not general population. Most people are not willing to expend more than 2 seconds of effort before deciding "it's not working, I need to make it simpler / write it down". They don't notice that they probably still remember things like their first girlfriend's phone number, or any random string they've been typing in more than 10 times a day. If you put even half the effort into memorizing something as most do into picking and maintaining e.g. password managers, you'll find that your memory is a better tool than you expected.
Different loss scenarios. After a bike accident I lost some memory (especially peoples names, but I lost a password I'd set that week). I had no backup and there was no email reset. I just lost access. Now, that ended up not being a huge deal, but had it been say a Bitcoin wallet it would be over.
