
The problem with this solution is that it is only as strong as your master password. Because you suggest to 'never write or store [it] anywhere', it can't be strong enough. To say it in Bruce Schneier's words: "Pretty much anything that can be remembered can be cracked."[1]

[1] https://boingboing.net/2014/02/25/choosing-a-secure-password...



I memorized 1024 digits of pi in high school. I can deal with a strong password.

Keep in mind that most password managers also encrypt your password database with your master password, so my solution isn't any worse than those.

Memorizing even a 16-character (upper/lower + symbols) random string as your master password would be 16*6 = 96 bits of entropy, which is more than enough.

Dealing with memorizing ONE good 16-character random string is within the abilities of most people. Dealing with multiple ones is what is hard.


I don't question your memory, that is not my point. How long do you think it takes to crack a password that consists of digits of Pi or anything derived from it? And it's not about Pi either, it's just that you can't beat a computer in that regard.

For me, playing around with hashcat was an eye-opening experience, and I truly believe in the Schneier quote from above.


Create a 10-word diceware passphrase, using the EFF's list. Try to memorize it; it shouldn't take long. Hash it with whatever hash you like. Even MD5. Try to crack it with Hashcat. Spend as much time and/or money as you like on the project. It's got over 128 bits of entropy; you won't succeed before the Sun becomes a red giant and incinerates the Earth.


I agree with Schneier's quote, but you're also forgetting about password hashing. If it takes 10 seconds to derive the key (assuming the use of a strong hash function), anything with a good enough amount of entropy (60-90 bits) should be fine.

When an attacker acquires a leaked database, they're not cracking high-entropy passwords.


Yes, what speaks for dheera's method is the use of a strong KDF and especially (a point that I missed initially) that they use a truly random master password.


The standard password manager is slightly better because the password database works like a 2nd factor.

Also, a character has at most 8 bits of entropy, not 64. If you use base 64 it's only 6 bits of entropy. 16 x 6 = 96 bits is still more than enough though.

A downside if everyone used this scheme would be parallelized attacks on reversing the hash for the key. If you find a key that, with this scheme, creates a password for your service, you found the corresponding secret key. This then compromises all of that user's passwords.


Sorry, early morning here. I actually fixed that before I saw your comment -- more like 6 bits per character. In any case, more than good enough.

I actually am not a fan of 2nd-factor authentication (e.g. phone). If you lose the physical thing, or it gets leaked to a stranger or a gunman who mugs you, or leaked by security holes in the thing's own embedded OS, it's no longer helping your security. I'd rather authentication depend on only what's in my mind and body and nothing external. Also, I lose stuff and forget stuff pretty easily, so I often just avoid carrying anything.


Which technique did you use? I made it to around 150 using the memory palace technique from the excellent book Moonwalking with Einstein.


I'm not sure what the various methods are called or what they are -- never really researched it. I just memorized about 10 digits every day over the course of a summer. Every day I practiced typing out the entire thing a few times as well as practiced the most-recent 100-block several more times.


That's very impressive!


And I thought my memorizing 100 digits was an achievement.


"Pretty much anything that can be remembered can be cracked."

Randomly choose 6 words from a 10k English dictionary and you're set. Hell, make it 12 words. Still insanely easier to remember than a 12 character alphanumeric/symbol password, and much more difficult to crack.


I'm partial to using a very broad dictionary: http://app.aspell.net/create?max_size=35&spelling=US&max_var....

It has 50,105 words. Gets you an extra 2.3 bits per word.


Better yet, use the EFF's Diceware list. It's easy to pick randomly from the list (just roll some dice), and the resulting passphrase won't have some of the issues a dictionary-chosen one would have, like compound words causing entropy reductions. (E.g., if fire, truck, and firetruck are included in the dictionary as 3 separate words and you happen to get fire and truck in sequence as part of your passphrase, the entropy of those two words is equivalent to the entropy of a single word! Not good.)


> if fire, truck, and firetruck are included in the dictionary as 3 separate words and you happen to get fire and truck in sequence as part of your passphrase the entropy of those two words is equivalent to the entropy of a single word

Not exactly true if they are separate words. In a word-based password scheme, you are treating entire words, not characters, as units. The chance of fire, truck, and firetruck appearing in one password in that sequence, given a 10K word dictionary, is 1/(10K^3). The minuscule possibility of this speaks to the fact that there actually is a large entropy.
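An added example (written for this page, not by any commenter) that puts the thread's entropy arithmetic into code and checks a word list for the fire/truck/firetruck concatenation problem; the small word list and the guess rate are constructed for illustration:

```python
import math
from itertools import permutations


def char_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size).
    16 characters from a 64-symbol alphabet -> 16 * 6 = 96 bits, as in the thread."""
    return length * math.log2(alphabet_size)


def word_entropy_bits(word_count: int, list_size: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly from a list.
    10 words from the 7776-word EFF list -> ~129 bits; 6 from 10,000 -> ~80 bits."""
    return word_count * math.log2(list_size)


def extra_bits_per_word(larger_list: int, smaller_list: int) -> float:
    """Bits gained per word by moving to a bigger list (50,105 vs 10,000 words)."""
    return math.log2(larger_list) - math.log2(smaller_list)


def years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected years to hit a uniformly random secret at a constant guess rate
    (half the keyspace on average). The rate is an assumed, constructed figure."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


def compound_collisions(wordlist):
    """Ordered pairs (a, b) whose concatenation is itself a list entry.
    Without a separator such a pair reads the same as the single word,
    so 'fire' + 'truck' collapses into 'firetruck'."""
    words = set(wordlist)
    return sorted((a, b) for a, b in permutations(words, 2) if a + b in words)


def is_prefix_free(wordlist) -> bool:
    """True when no word is a prefix of another. A prefix-free list guarantees
    that concatenated words decode uniquely, which is why diceware lists aim for it.
    In sorted order any word's prefix is immediately followed by a word starting with it."""
    ordered = sorted(set(wordlist))
    return not any(b.startswith(a) for a, b in zip(ordered, ordered[1:]))


if __name__ == "__main__":
    # Constructed toy list containing the compound-word hazard from the thread.
    toy_list = ["fire", "truck", "firetruck", "green", "rubber", "yellow"]
    print("16 chars, base64 alphabet:", char_entropy_bits(16, 64), "bits")
    print("10 EFF diceware words:", round(word_entropy_bits(10, 7776), 1), "bits")
    print("collisions:", compound_collisions(toy_list), "prefix-free:", is_prefix_free(toy_list))
```

The entropy figures assume the selection is uniformly random; a passphrase a person picks by hand does not get these numbers.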


I realised after choosing random words that it gets annoyingly long to type. In that regard, random characters are better.


What about [1]?

"green rubber yellowed out inside the 1st horizon"

I make random passwords like that (though usually 6+ words) all the time. I admit I can't remember all of them, but I can remember up to ten or twelve. Which is enough passwords to cover all the important services I use.

The big pain with that is that some services don't allow more than N characters for passwords (looking at you, 20-characters-limit-PayPal), some services don't allow spaces and whatnot, so you have to adapt.

Plus, you should enable 2FA wherever possible. You don't really need a super strong password once you have 2FA, so for those cases you can resort to OP's solution of having "master_password + 'whatever' + domain", with the master password being one of those ten you can actually remember, and not even having to encrypt the whole thing.

[1] https://www.xkcd.com/936/


Maybe you have something that calculates what is strong enough? Is there some online calculator?


Online calculator for password strength, what a great idea!

I've got to offer one on my website (gimme all your passwords, mwahahaha!)


Yeah, because that is what I meant...



