[kybernetikos]

In my system, you have a number of additional pieces of information that are used to generate the password, including a counter and a salt. If you need to change your password, you would typically just increment the counter. You can also do this if the password policies don't allow your password for some reason.

This does mean that you need to remember what the version is. Fortunately this information doesn't need to be kept secret. I also have a system that generates emojis based on your settings, so as long as you remember the emoji that goes with the site, you can just increment it until you get the right one, so it's down to you whether you store the version number somewhere or remember the emoji.

I use URLs by default, but you can enter anything you want into the 'purpose' field. It's still pretty raw, but it's at https://github.com/kybernetikos/sinkless

Most of the complaints people have about deterministic systems don't really hold up in practice for me. Protecting them by 2fa would be better of course, which deterministic can't do and lots of the good password managers do, but I really dislike having to worry about syncing state beyond just emailing it to myself.

One thing that would be awesome would be if someone came up with a standard machine readable way of describing the limitations on passwords for sites (allowable characters, number of characters, any restrictions on previous values / sequences etc), and all good sites could embed that information, and poor sites could be looked up in a third-party service.