An unmemorable strong password written on a memo should be viewed as 'what we have', definitely not 'what we remember', so it could be used as one of the two factors along with a remembered password.
<URL>
https://www.slideshare.net/HitoshiKokumai/identity-episodic-memory
1. No-Cost 2-Factor Authentication
An unmemorable strong passwords written on a memo should be
viewed as 'what we have', definitely not 'what we remember', so it
could be used as one of the two factors along with a remembered
password.
Although it may not be able to compete with a 2-factor scheme
involving a PKI and OTP-based authenticator, a ‘boring legacy
password system’ can be a two-factor authentication system made
of ‘what we remember’ and ‘what we have’ just by verifying two
passwords per access.
The merit of this plan is that the two-factor effects could be
somehow achieved straightaway WITHOUT involving any costs
of deliveringand certifying the hardware tokens.
This kind of simple no-cost 2-factor schemes could have long been
in broad use but it did not happen. We are wondering what
prevented it from becoming popular. (Good security solutions
come with a big price tag in many cases, so we might have taken
it for granted that a solution coming with no big price tag cannot
be a good solution.Was it?)
For the part of a remembered password, we could suggest making
use of our autobiographic/episodicmemories as outlined at
https://www.slideshare.net/HitoshiKokumai/identity-episodic-me
mory