The reason for using a unique password for every account is to limit the risk. If someone obtains a password or cracks an account, you want to limit their ability to reach more data. For example, if you have two accounts, one with administrative privileges and one without, I hope you have a different password for each of them. It is always a good rule to use different passwords for different accounts. However, you must weigh this risk against the risk posed by writing down or otherwise storing passwords (I can't remember 16 either).
Writing down passwords or storing them electronically is not in itself bad; what matters is where and how you store the record. Keeping a file of your passwords on a PDA with no encryption and no password on the PDA is not very secure. Locking the list up somewhere, or keeping it in an encrypted file on a device that is not accessible from the network, might be reasonably secure. You are going to have to weigh the risk of each possible solution to the problem. One other caveat: if the 16 passwords at work exist because 16 different resources must be accessed, then sharing the same password among some of those accounts may not be as large a risk as it first appears. After all, a good single-sign-on implementation might give you a single account that allows you to access all of those resources. Remember, no security rule is absolute. There are general "best practices," but they must be tempered by what is the "best security" for the particular organization and situation.
This was first published in September 2004.