[latexr]

> one failure and the bad guys are in.

You don't have to store passwords in an off-the-shelf password manager; you can store secure notes and files. In other words, you could continue to use your current method of hints but with more organisation.

Point being that what you’re doing is not meaningfully different from using a password manager, you just manage your passwords in an uncommon manner.

[AlbertCory]

It IS meaningfully different: almost everyone expects the password manager to fill in the actual password on the form, not a hint about it.

As far as I know. Maybe someone does do that?

Anyhow, password managers cost money. This doesn't.

[latexr]

It is not mandatory for password managers to fill in passwords. Turning that on is often an extra step because you need to install their browser extension. Everyone is free to not do so.

And there are plenty of free (and open-source) password managers.

https://en.wikipedia.org/wiki/List_of_password_managers

It’s fine that you don’t want to use an off-the-shelf password manager, but if you’re not familiar with how they work in practice, perhaps you should not advise people to not use them. Your system is a way to manage passwords and from your description seems to be more complicated than most people (especially non-technical users) would bear.

[AlbertCory]

"more complicated" on the contrary. It's a homebrew system like people have used since before computers. And since it's a one-off, it's not worth cracking.

Edit: what do you consider "complicated"? Compared to all the inevitable complications of a PW manager and browser extensions? Not to mention screwups like the LastPass one.

[Yasuraka]

Did you try KeePassXC?

[AlbertCory]

No, why would I? And would one of these "unsophisticated users" even know about it?