I came up with the idea to generate passwords for internet sites by the following shema:
$masterpassword
$hostname
$TLD
hashfunction($TDL.$masterpassword.$hostname)
So the actual password is a hash with a reasonable lenght of characters (depends on the hashfunction, sha512 = 64 chars)
lets say my masterpassword is "ilovesecurity", the hostname is "stackexchange" and the tld is "com". So the plainpass would be "com.ilovesecurity.stackexchange" and the hash (the password I will use on the website):
56100C52CE2B54B38AAB4E354B7826216CD6FCB3B317E7CD442D251FB0F7B378D053E705257AE9EE2D3A787D48CA8D41FB2B31C10FB97C3ACE4E1382D4B9C392
Is this "method" secure and or practicable? If yes, what hashfunction should I use? If no, what can I improve? How can I eliminate the cons?
My pros and cons so far:
Pros:
- secure?
- no password manager needed
- "portable"
Cons:
- Need to generate the hash (by tool or online hasher)
- Different password policys on websites