by ufo 1854 days ago
I'm not a big fan of the algorithmic password systems. In practice you need to remember some bits of state for each separate website, because of different password rules or because you had to reset the password. This results in either needing to memorize a lot of information or writing it all down somewhere. The former has the same problems as memorizing passwords without assistance. And if we need to write it down, then we might as well write down a long and totally random password for each website.

If the worry is losing your phone, some of the popular services such as Bitwarden can also be accessed via a web interface, without installing the app.

1 comments

Writing down website rules (i.e., which websites have length requirements, etc.) is not the same as writing down passwords. The former is already public information. I keep track of website rules in a Google doc for reference, and if compromised, it does not give an attacker any information that isn't already public.

If Bitwarden can be accessed from a browser, it means all my passwords are on their servers, whereas with an algorithmic password generator the passwords are in my brain alone.