[thiagoc]

I have used a similar aproach, but I don't hash them. Here's a example:

Supose I have the master password "t3st1ng" and "!@#" as separator. When I want to register on site www.reddit.com, I just use the password "reddit.com!@#t3st1ng".

This way I always have a strong password and I can use different passwords in every site, and I just have to remember the master password.

[midas]

This is dangerously insecure.

Let's say badsite.com stores your password in plaintext and their database is compromised (or they're malicious actors in the first place who created the site with the purpose of gathering login credentials).

Now, an attacker who sees this will try go to gmail.com and enter the password gmail.com!@#t3st1ng (with your email address), or bankofamerica.com and try bankofamerica.com!@#t3st1ng.

[thiagoc]

Yeah, you're right. Maybe a more secure way would be make reddit.com unreadable. For example:

mctddr (backwards without dot and vowels)

r5d9t (change vowel with the position number in the alphabet and without repeated letters)

There are several ways to do it.

[Zikes]

However clever you get with your mental encoding, it can be decoded by anyone at least equally clever.

[Zikes]

This is exactly as bad as a single master password, because now I know your hypothetical password for HN is "news.ycombinator.com!@#t3st1ng".

[dchest]

Ehrm, what's the purpose of it? Once one of your passwords is leaked, your master password is leaked too.

[27182818284]

I would never recommend using this for mission-critical passwords like your bank or Gmail, but I think for most throwaway sites in the past, this was OK. Now with the availability of password managers, I think the clear winner is to use a password manager.

[Artemis2]

I prefer running a simple algorithm in my head so if my plaintext password gets leaked, an attacker can't just replace "reddit.com" with the name of another site.