> Tell me how I am supposed to fulfill these requirements if I need 20 websites daily to do my work ?
One solution to this problem (or at least one way to severely mitigate it) is to use a base word that you tweak with a simple algorithm based on the first letter, last letter, number of letters in the domain, etc. Of course some websites have mutually exclusive requirements, so this doesn't work for all sites, but I've been doing this for so many years now that while I have muscle memory for frequently used sites, I can go to a site I haven't been to in years and have no memory of the actual characters in the password, but I apply my algorithm and voila, it works!
I changed all my passwords recently to do the same thing. The problem I've recently started to see is that, let's say for example my hashed+salted password is stolen from a site. If they brute-force figure out what my password is, they'll have my "base word" and all my other accounts may still be able to be compromised.
Recently I changed my big accounts (Google, Facebook, StackOverflow) to have a slightly different "base word" and the other accounts that I can afford to lose control of have stayed the same.
It's significantly more difficult to reuse the base and figure out the additional characters than it is to get access to the user whose password is 'password'
For insecure services that I use on mobile, public, etc computers, I do this.
Sorry, I don't have time to do so much work just to log on quickly on my email the morning or when relogging for the 25th time in the ticket manager at work, that has too short sessions.
Also, enjoy explaining your method to a lambda user, I'd bring popcorn and watch :)
Forced password changes are the biggest downside I've run into... I had to resort to a modified algorithm when LinkedIn was hacked, for instance. But for 90%+ of the websites I use it on, especially social networks and forums and the like, it's hardly ever an issue.
One solution to this problem (or at least one way to severely mitigate it) is to use a base word that you tweak with a simple algorithm based on the first letter, last letter, number of letters in the domain, etc. Of course some websites have mutually exclusive requirements, so this doesn't work for all sites, but I've been doing this for so many years now that while I have muscle memory for frequently used sites, I can go to a site I haven't been to in years and have no memory of the actual characters in the password, but I apply my algorithm and voila, it works!