by Groxx 4635 days ago
Use any Google properties? Google.com and youtube.com (can) use the same password across two domains. I think there are others within Google too. Or do they redirect to google.com for all logins? Meh. Like you said, it's a rare problem.

Thought of another problem: when you're forced to change your password. How do you encode that? Just add a version-N marker to the site name (which you have to remember)?

I'm not trying to sell you on 1Password, just point out problems with hash-only approaches :) And the storage-less nature is certainly a (big) plus when it works out, you're right.

--

And one possibly-significant danger you should be aware of: assuming you do something simple (which has the advantage of being buildable from scratch on any system, and easy to remember how), if your password is not globally unique then your security partly relies on the security of whoever else uses your password. If they lose it, anyone who knows that and guesses your username anywhere gets proof that you use the same password, so they can go test a bajillion sites immediately and with perfect success rates.

The standard technique for mitigating this is to salt the hash... but this is just another secret you have to store somewhere or memorize, so we're back where we started.
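
Added example, not part of the comment above: a sketch of the hash-only scheme under discussion, showing the version-N marker for forced password changes and how a salt separates two users who share a master password. The function names, the `site#N` label format and the choice of PBKDF2-HMAC-SHA256 are assumptions; the comment only says "hash".

```python
import base64
import hashlib


def site_password(master, site, version=1, salt=b"", length=16):
    """Derive a per-site password from memorized inputs (hypothetical scheme)."""
    # Rotation counter is folded into the site label: "example.com#2".
    label = f"{site.strip().lower()}#{version}".encode()
    # Length-prefix the salt so (salt, label) pairs cannot collide.
    info = len(salt).to_bytes(2, "big") + salt + label
    # PBKDF2-HMAC-SHA256 is an assumed choice; the comment only says "hash".
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), info, 100_000)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def compare_users(master, site, salt_a=b"", salt_b=b""):
    """True if two users sharing `master` end up with the same site password."""
    first = site_password(master, site, salt=salt_a)
    second = site_password(master, site, salt=salt_b)
    return first == second


if __name__ == "__main__":
    m = "correct horse battery staple"  # constructed sample master password
    print("v1:", site_password(m, "example.com"))
    print("v2 after forced change:", site_password(m, "example.com", version=2))
    print("unsalted, shared master collides:", compare_users(m, "example.com"))
    print("salted, shared master collides:",
          compare_users(m, "example.com", b"salt-A", b"salt-B"))
```

Both the version number and the salt are extra state: lose either one and the site password cannot be regenerated, which is the storage problem the comment points out.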