A password on a post-it is only bad if it's the password to gain access to your machine. If I put my password for HN on a post-it next to my home computer, it's about as safe as it will ever be.
Honestly, if someone has broken into my home, my password to HN will probably be amongst the least of worries (and lowest on the list of priorities for the thief to pick up - I'll lose my computer before I lose the password).
Biometrics are only useful if the remote database and the transmission path are secure. If not, they can re-create & retransmit the biometric hash much like they do your password.
I don't think Schneier recommends a hint. That's only good if your password sucks to begin with.
And it's not the 'writing down' part that's a security risk, it's the 'storing in an insecure location' that is. Password in wallet, fine. Password post-it stuck to monitor, not fine.
"If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence - or better yet - a hint that will help you remember your sentence."
Quite often in companies I work for, forced expiration leads to passwords written on post-its, because people cannot follow the pace.
Maybe having a biometrics authentication coupled with some kind of 1password would be better!