by imajes 6079 days ago
At this point there's no real reason not to use a random password generator for _every_ site. There are plenty of apps out there for auto-login, and/or most browsers will do this for you. Yes, there's some pain syncing with mobile devices, but this will go away at some point (modified OAuth to validate devices?).

Password schemes like this are still inherently breakable; as soon as someone gets your key password then the rest is trivial to figure out - so why bother with the complication?

2 comments

Because if you really are that important, your nemesis will go to a lot more trouble than that to crack your security. Camouflage is about using simple means to hide in plain sight.

Until your computer crashes and you find yourself locked out of every site on the internet. No thank you.

Plus, what do you do when you aren't using your own computer? Want to check your email at work? Nope, sorry, gotta provide the 25-digit randomly generated password.

Nothing is unbreakable; if someone wants your password they'll get it. For the password generator case they can just break into your house and steal your computer. Or organize a group of mercenaries to take hostages at AT&T to gain access to your packets... hey, we are talking about a nemesis, right?

And here is an added bonus: how do you know that random password generator app isn't sending all your passwords to a master file? Whoa, did I just blow your mind?

Different passwords are all you need for protection. That way, if the company loses your usernames/passwords, the bots that will be using that information to check the passwords on other sites won't get a hit.

So, you made all kinds of awesome points that I went through before I switched to random passwords...

a. (On not having access to your passwords.) An iPhone with them on it helps. (Yes, I have to unlock that DB with my hashing password.) But in reality, I prefer that I can't get access to my email/Facebook/whatever without having my machine. If I'm at work, I should be working... but it's the same machine anyhow ;)

b. True about stealing my machine. But again, my passwords are locked by my one key control password (which I don't easily remember either... yay for muscle memory ;)). Yes, it's a SPoF.

c. I clarified with Little Snitch. I don't really care that much, because you're right: if one company screws you over and unveils your passwords, then having a scenario where people could then log into your email or bank means the end of your identity and a life of credit hell.

I just think that having a predictable password scheme is about the same as having the same password. If it's easy to guess, then you may as well have the same one. IMHO, the only way to guarantee against any problems if one of your passwords is exposed is to go random. :)
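The thread's two technical claims, that per-site random passwords from a generator carry far more entropy than a memorable scheme, and that a "base + site" scheme collapses to a single password the moment one copy leaks, can be checked directly. The following Python is an added example written for this page, not code from any of the commenters. The `scheme_password` function is a hypothetical stand-in for the kind of predictable scheme the thread argues against; the character set and lengths are assumptions.

```python
import math
import os
import secrets
import string

# Assumed character set; a real password manager lets you pick one per site.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length: int = 25, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG via `secrets` (never random.random)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(len(set(alphabet)))


def scheme_password(base: str, site: str) -> str:
    """Hypothetical 'memorable scheme': fixed base plus a suffix derived from the site.

    Deterministic in (base, site), which is exactly the weakness discussed above.
    """
    return f"{base}!{site[:3].upper()}"


def scheme_from_leak(leaked: str, leaked_site: str, target_site: str) -> str:
    """Given one leaked scheme password, predict the password for another site.

    This is what a credential-stuffing attacker who recognises the pattern does:
    strip the site-derived suffix to recover the base, then re-apply the scheme.
    """
    suffix = "!" + leaked_site[:3].upper()
    if not leaked.endswith(suffix):
        raise ValueError("leaked password does not match the assumed scheme")
    base = leaked[: -len(suffix)]
    return scheme_password(base, target_site)


def looks_like_scheme(passwords: dict[str, str], min_shared: int = 6) -> bool:
    """Heuristic an attacker (or auditor) can run over a user's leaked passwords:
    if several per-site passwords share a long common prefix, a scheme is in use.
    Independently random passwords essentially never trigger this."""
    values = list(passwords.values())
    if len(values) < 2:
        return False
    return len(os.path.commonprefix(values)) >= min_shared


if __name__ == "__main__":
    # Constructed sample: the same user under the two strategies from the thread.
    scheme_user = {s: scheme_password("hunter2", s) for s in ("facebook", "gmail", "bank")}
    random_user = {s: random_password(25) for s in ("facebook", "gmail", "bank")}
    print("scheme user detected:", looks_like_scheme(scheme_user))
    print("random user detected:", looks_like_scheme(random_user))
    print("predicted gmail password from facebook leak:",
          scheme_from_leak(scheme_user["facebook"], "facebook", "gmail"))
    print(f"entropy of a 25-char random password: {entropy_bits(25):.1f} bits")
```

With the 94-symbol alphabet a 25-character random password carries about 164 bits of entropy, and two such passwords are independent: leaking one says nothing about the other. The scheme passwords, by contrast, are recovered in full from a single leak plus the site name, which is the equivalence the last paragraph of the thread is pointing at.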