A system to "salt" or add something to your password to make it different for each site is a really good idea if you need to have passwords you can remember, but that will also be fairly secure. You just have to invent a method for generating a salt from the site name that is not at all obvious.
This is not secure; if 2 passwords are calculated, the rest can be guessed. Salts should be random.
It is totally secure if someone only has one of your passwords. To get two passwords, they have to hack two different sites that have your plaintext passwords. Then they have to work out how you have altered the passwords (that probably uses a method you make up that can be totally different to the example), and then they have to work out the method you use to generate the seed (which can be way harder than the method I suggested). The seed can be much longer.
Random passwords for each site are the best, but then it is impossible for you to remember them.
This was a compromise suggestion that means you are probably as close to secure as you probably need, but you could also remember the passwords for each site.
Say your favourite password is "aaed5ght". For Facebook, you might take the first 4 characters "face", increment each letter by one to make it "gbdf", put them in reverse alphabetical order - "gfdb" and then add this to the start of your favourite password to make it "gfdbaaed5ght" for Facebook only. If someone works out your Facebook password, they still will not know any of your passwords for other sites.
This is not practical. Best passwords are long passphrases.
Saying it is not practical with no reason doesn't make any sense to me.
"gfdbaaed5ght" is 12 characters. Even if they know I only used lowercase and numbers, a brute force attack still requires up to 30,000,000,000,000,000,000 guesses. If it is not enough for you, add a few more characters.
I cannot see any reason this is not practical, and it is far better than the typical 6-8 character non-random passwords that many people use as login passwords.
For most uses, a 10 random character password is pretty secure. It probably can be broken, but the people who can break it can probably get a warrant to access your account anyway.
I do particularly hate sites that require capitals, numbers, punctuation, etc. in passwords as that just gives an illusion of security. Every site that requires this nonsense does not properly understand security. A good password is random and long, and the mix of character types ultimately hardly matters. You can have a very secure password made of just "1"s and "0"s if you like.
Forced password rules are always bad. Also having a pass made out of numerals is a guarantee it's in a rainbow table.
All passwords are made out of "0"s and "1"s - didn't you know computers store information in binary? So of course a password made out of "0"s and "1"s can be as secure as any other password in existence - as long as you have enough "0"s and "1"s.
Numeric passwords are only vulnerable to attack if they are too short. The rule of thumb is that a password made of numerals "0" to "9" has to have about twice the characters as a password made from lower case+upper case+punctuation+numerals to get identical security.
If you are talking about the brain-dead sites that only allow an 8 character password - that is a different problem. For them, you will want to use every possible useable character to generate a password.
One of the problems with requiring numbers and punctuation in a password is that many people use Leets (or L33t) where you say replace an "e" with a "3", an "i" with a "!", an "L" with a "1", and you end up with a supposedly secure password like "\/\/!11!am" instead of "William". Unfortunately, the hackers know all about Leeting, so it does not add anything to security at all.
Leeting adds significant iterations to dictionary attacks. Unfortunately people pay big money for cloud computing just to crack hashes so while a home PC will take many times longer to precompute leeted passes, there are existing, private tables that already have them.
The point I was trying to make is a bad password (such as a dictionary word) + leeting is far worse than a random character password. Leeting makes the user, and the password check algorithm on the site, think they are using a secure password, when in fact they have a really, really bad password. When I have seen leeting used, it is usually done to a word that is a very bad password.
As much as you may hate it, people have to log into many sites, and just about everyone wants a password they can remember, as they cannot write the passwords down. How can anyone remember ten 12 character random passwords with no chance they may wake up one day, and find they have forgotten one?
If you have to write the passwords down and carry the piece of paper around with you, then you have just made a bigger security hole than everything I have suggested up to now.
There are sites like Onepass, and packages like Keypass - but you may not want to trust them.
Richard.
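
Added example, not part of the posts above: a Python sketch of the site-prefix scheme as described for Facebook, the length comparison behind the "about twice the characters" rule of thumb, and what two passwords derived this way have in common. The 94-symbol alphabet (printable ASCII without the space), the second site name and all function names are assumptions made for the illustration.

```python
import math
import os


def site_prefix(site: str) -> str:
    """First 4 letters of the site name, each shifted by one letter,
    then sorted in reverse alphabetical order (the scheme in the post)."""
    letters = [c for c in site.lower() if c.isalpha()][:4]
    shifted = [chr((ord(c) - ord("a") + 1) % 26 + ord("a")) for c in letters]
    return "".join(sorted(shifted, reverse=True))


def site_password(site: str, base: str) -> str:
    """Prefix derived from the site name, followed by the shared base."""
    return site_prefix(site) + base


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits in a uniformly random password. This is an upper bound:
    it does not hold for words, names or other human-chosen strings."""
    return length * math.log2(alphabet_size)


def equivalent_length(length: int, from_alphabet: int, to_alphabet: int) -> int:
    """Characters needed from to_alphabet to match `length` random
    characters drawn from from_alphabet."""
    return math.ceil(entropy_bits(length, from_alphabet) / math.log2(to_alphabet))


def shared_suffix(a: str, b: str) -> str:
    """Longest common ending of two passwords: the part that is
    identical on every site when a fixed base is reused."""
    return os.path.commonprefix([a[::-1], b[::-1]])[::-1]


if __name__ == "__main__":
    base = "aaed5ght"                       # base password from the post
    fb = site_password("Facebook", base)    # value given in the post
    tw = site_password("Twitter", base)     # second site is an assumption
    print(fb, tw, shared_suffix(fb, tw))
    # Digits needed to match 12 random characters from a 94-symbol set.
    print(equivalent_length(12, 94, 10))
    # Binary digits needed for the same strength.
    print(equivalent_length(12, 94, 2))
```

Only the four derived characters differ between sites, so each site password is unique while the eight-character base is the same everywhere.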