I worked in a place with a security policy that included having somebody from IT walk through the offices looking for this kind of thing (e.g. Post-It notes under keyboards, on cube partitions, etc).
This, in a place that had been a division of another company until a week before my arrival there: so all the legacy systems of the previous corporation plus all the systems of the new corporation, many of them providing the same services.
And password policies like "you must change your password every six months, a password must contain at least one upper case letter, one lower case letter, one digit and one special character" of course, without telling us which special characters were allowed and which were not allowed. Oh, and you couldn't use a password that you had used in the previous 18 months.
So of course, remembering all these passwords was difficult. Some people resorted to Post-It notes, some to noting the passwords in a cellphone or a notebook. A notebook in a locked drawer, of course.
But if a Post-It note with a service name, login name and password was found during the security walk-through, it would be tried out... So guess what happened. People would write down spurious combinations of login name and password. Or write down a service name that didn't exist. The walk-through sometimes took a long time... so trying out the passwords was abandoned; the Post-It notes were simply confiscated and the person whose cube it was would get a new training requirement to follow, yet again, the IT Security Policy training course.