I used to use stateless passwords generated by PwdHash: https://hw.leftium.com/#/item/23142756

Even made a little to tool to help out when the browser extension did not work: https://ph.leftium.com/

Unfortunately I ended up with multiple "master" passwords:

- When forced to change the password for a site.

- Or when your master password resulted in a hashed password that failed a site's password requirements.

These days I just use a password manager (Enpass). Whenever possible, I use "pronounceable" passwords because when auto-insert is not possible it's easier to type a series of words than random characters/symbols. Especially on mobile.

Maybe I'm missing something obvious here, but how would you handle situations where you are forced to change your password, like after a site is compromised or they force password rotation?