How did we as an industry go from "Passwords in notebooks are insecure, use a password manager" full circle back to "Password managers are insecure, write your passwords in notebooks"?