by lcnPylGDnU4H9OF 1521 days ago
> Password manager might be just an algo inside of your head.

This is dead in the water as soon as you realize that a leaked and cracked password can reveal all of your other passwords. If you want to say that your algorithm can't be reverse-engineered, I'd be more inclined to think that you are underestimating the people around you than that I am underestimating you.

Probably best to just consider that your not-randomly-generated password is insecure.

1 comments

There is no perfect security, so it's always an assessment of whether the increasing security measures are worth the cost. Even a simple algo of (base password + hash(website_name)) prevents the most common issue of any site leaking your password to a black market password list that just attempts brute force on any of the passwords on said list. It would be much, much rarer for you to be specifically targeted by seeing base_password_hash(Amazon) on a list and trying to reverse engineer your bank password from that.

IMO it seems more secure than entrusting everything to a centralized source (password manager) that can be compromised.

Yes, that's a fair point. I often forget that my threshold for "secure enough" is higher than most.
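
The trade-off argued in this thread, as an added example that is not part of any comment above: the "base password + hash(website_name)" scheme beside a keyed derivation, and what one leaked plaintext exposes in each case. The function names, the SHA-256 tag truncated to 8 hex characters, the sample base password, and the PBKDF2 alternative are all assumptions made for illustration.

```python
import base64
import hashlib
from typing import Optional


def site_tag(site: str) -> str:
    # Per-site part of the scheme. It depends only on the public site name,
    # so anyone can recompute it. (SHA-256 and 8 hex chars are assumptions.)
    return hashlib.sha256(site.lower().encode()).hexdigest()[:8]


def concat_password(base: str, site: str) -> str:
    # The scheme as described in the thread: base password + hash(website_name).
    return base + site_tag(site)


def exposed_base(leaked_plaintext: str, site: str) -> Optional[str]:
    # What a leaked and cracked password for `site` exposes: if it ends with
    # the public tag, everything before the tag is the base password.
    tag = site_tag(site)
    if leaked_plaintext.endswith(tag):
        return leaked_plaintext[: -len(tag)]
    return None


def keyed_password(base: str, site: str, length: int = 20) -> str:
    # Alternative (an assumption, not proposed in the thread): the base is the
    # secret input of a slow KDF and the site name is the salt. The output does
    # not contain the base; its strength still depends on the base's entropy.
    raw = hashlib.pbkdf2_hmac("sha256", base.encode(), site.lower().encode(), 200_000)
    return base64.b64encode(raw).decode()[:length]


if __name__ == "__main__":
    base = "correct-horse"  # constructed sample value
    leaked = concat_password(base, "amazon")
    print("concat scheme, amazon:", leaked)
    print("base exposed by that leak:", exposed_base(leaked, "amazon"))
    print("keyed scheme, amazon:", keyed_password(base, "amazon"))
    print("base exposed by that leak:", exposed_base(keyed_password(base, "amazon"), "amazon"))
```
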