You could possibly switch to a “client-side salting” approach, having a strong consistent password in your head, and storing short but truly random suffixes for each service. E.g. a text file named “Netflix” containing something like “T3M#f”, and the final password would be something like “hunter2T3M#f”.
I guess I’m not understanding how this is functionally different from what I already am doing. Why would your 12 character solution be more secure than my 14 character example? Is it just because NutFlex is two actual words, so a dictionary attack could crack that more easily? Or is it because it’s kinda close to the domain the account is associated with? Would I be significantly better off replacing those bastardizations with other random words?
Edit: and also, they’re saved as notes in my phone, and no I don’t type the whole password in. That would defeat the purpose of having a persistent master phrase as part of the password.