I have regular nerd-arguments about it:
“All they have to do is break two of your passwords, and they can reverse-engineer your passwords!” - Maybe, if they have a super-computer… “It’s so much work” - Once. It’s so much work once. Then, it’s much easier than loading software or digging out a dongle every time you log into anything up until you decide to change all your algorithms… “What happens if you forget?” - What happens if you forget?
This is the situation I’m in. Half-a-dozen clients in the energy and automotive industries, each with multiple security regimes and short timeouts. Passwords mutate with time and I stay sane…
I don’t like to keep any security stuff in “the cloud”, written down anywhere, or even on my own devices. It’s too easy to lose everything after one security breach.
Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.
Nothing better than your first brew…