This times a lot. I'm far from a naive user, but I recycle a handful of easily memorable passwords for most of the services I subscribe to. And I'm willing to bet that most of you do too.
Security is a tradeoff, and we tend to forget that complex, unique passwords have a very real cost. They drastically increase the risk that I will lock myself out of some service, and dramatically increase the workload of authorizing myself when I do want to use it. With a few obvious exceptions, this tradeoff is a huge net loss for the average user.
In other words, the risk of some stranger wanting to post as me in HN is acceptably small. The cost of having to install KeePassX, then download my passwords file from Dropbox then decrypt and copy/paste, then make sure the paste register is clear, then securely delete my passwords file every time I borrow a friend's computer is prohibitively high.
Real question: assuming you live alone is 'next to your computer' eg in your own home considered a safe place?
What's the risk of a physical robber stealing bits of paper next to your computer desk then hacking your accounts?
"A safe place" really depends on your threat model.
If you live in a place where home entries by persons with an interest in your online accounts is common, then no, your home would not be a safe place. This could include: living under an oppressive nondemocratic regime, living in a democratic regime with broad search and investigation rules, living with your snooping parents, having an ex with (authorized or otherwise) access to your home, roommates, roommates friends, being a highly social person hosting parties and not being able to secure your computer area.
Among others.
A friend tells doing consulting work with a national diplomatic corps in a foreign country, using his personal Linux laptop, had the device scanned on his exiting the country by a known, trusted, and competent security expert. Several surveillance mechanisms were detected.
The offices of faculty and staff at major universities associated with that foreign country are also subject to surveillance software, according to the same source. Those offices and the buildings they are in, as well as the associated computer networks, are generally readily accessible.
Computers are complex enough, even for sophisticated users, to be difficult to secure completely.
An advantage of physical, nondigital records of passwords is that they provide a much smaller attack surface. Computers (especially always-on systems) can be attacked from anywhere on the Internet (at least in theory). A slip of paper concealed in some out-of-the-way place in your home is much less likely to be found, though unless it's encrypted, it's much more likely to be useful if found.
Yes, if your adversary has physical access to your home, your computer, or other methods of installing backdoor software on it then the question of password security is rendered moot.
You can't have a secret and type it on a compromised computer too.
My point was to put the question in its appropriate context: it really depends on your threat model. And if that model includes those whom you'd prefer not acquire information having ready access to your house, then no, it's not safe.
Similarly: if that's not a problem for you, it's a perfectly reasonable practice.
That said: I'd probably try to find a slightly more obscure and/or secure location than in plain sight.
Your threat model matters. It includes possible attackers, their modes of access, likeliness of access, the assets you're trying to protect, and how they might be used in ways damaging to you. Any significant discussion or assessment of security should be framed in this context, and it's very much generalizable beyond online, electronic, or data systems.
I completely agree it depends upon your threat model. But I find the term 'threat model' isn't that useful when a simpler answer is possible. The term is great for leading you to ask more questions.
One huge advantage of the paper system is people have thousands of years of collective experience dealing with the security of paper documents. For example, the 4th Amendment to the US Constitution reads "The right of the people to be secure in their persons, houses, papers, and effects, ... shall not be violated...".
The question "is it safe on my desk next to my computer?" illustrates how users tend to discount their own experience and common sense once computer security gets involved. This is certainly reasonable from the users' perspective. We've all had absurdly counterintuitive experiences with computers, heard astonishing stories about hackers, and gotten plenty of nonsensical advice from the 'experts'.
It's domain-specific language. It is a model. Of your threat profile. Of risks, exposures, etc. Understand the concept, it's useful.
One huge advantage of the paper system ... Paper has many advantages. I own a great deal of paper. I love paper. It's tremendously stable.
It's also hard to search, expensive to duplicate, and carries a risk of single-copy loss. Even misplacing (without destroying) a document can be a crisis.
Those are all parts of the paper threat model.
Your mention of the fourth amendment brings up s great many other issues, and I won't discuss them, but generally pointing in the direction of:
Are electronic records "papers", and in what contexts and locations are they treated as such.
Do protections against unreasonable search protect against warrented searches? Or warrantless searches?
As for practical experience: I've had some in the areas of which I write here.
The category of attackers who are willing and able to commit a (possibly violent) physical crime to obtain one or more of my login passwords is much smaller than those who will successfully exploit weak and re-used passwords over the internet.
Well, consider that if an attacker has physical access to your computer there's a pretty good chance you are screwed even if your password isn't written on a sticky note under the keyboard.
Security is a tradeoff, and we tend to forget that complex, unique passwords have a very real cost. They drastically increase the risk that I will lock myself out of some service, and dramatically increase the workload of authorizing myself when I do want to use it. With a few obvious exceptions, this tradeoff is a huge net loss for the average user.
In other words, the risk of some stranger wanting to post as me in HN is acceptably small. The cost of having to install KeePassX, then download my passwords file from Dropbox then decrypt and copy/paste, then make sure the paste register is clear, then securely delete my passwords file every time I borrow a friend's computer is prohibitively high.