Bad: Base + "Facebook" (Trivial to reverse engineer). Fix: Use non-linear transforms. Base64 encode the domain, then take the cryptographic hash (SHA-256) modulo the length of your base.
MyDogChasesSquirrels&@6FGM → 28 characters, >128 bits of entropy, unique per site, memorable with one “redundant” rule. R-massive Password
"R-massive Password" is not a standard industry term in cybersecurity. It is almost certainly a reference to datasets found in the data breach community, specifically relating to the "RockYou2021" password compilation. Bad: Base + "Facebook" (Trivial to reverse engineer)
3. Create a personal "Rule Engine." For example: - Rule A: Capitalize the 3rd character of the domain name. - Rule B: Insert the domain’s character count at position 5. - Rule C: If the domain ends with .com , add !! at the end. 4. Write this rule down on a piece of paper. Do not store it digitally. add !! at the end. 4.
: Use tools like Have I Been Pwned to see if your email or passwords have appeared in public breaches.