Still, the algorithm method requires 3 services to be breached. Those services must be storing the passwords in plaintext or an otherwise retrievable method. The bad actor must put together the fact that your account is the same across all 3 services. Then they must analyze your password and reverse engineer your algorithm.

That seems a lot less likely than your master password getting nabbed.

The attack vector for a PW manager is a lot easier. They're obvious targets for both breaches and social hacks. One person looking over your shoulder at the coffee shop is as or more likely than anything else. They can even swipe your phone in that scenario to beat MFA.

I'm not advocating an algorithmic approach. The average person isn't going to understand this (heck, they don't understand PW managers either). And if they did, most algos would be something like ServiceName! anyway.

On the whole a password manager is a better solution, but it's not without its own trade offs, which don't get nearly enough discussion.