I can have 20,000 character long passwords with a password manager
Sure. Most websites will either truncate them or outright reject them due to being too long, but sure.
Most users, however, will use the 12 to 16 characters auto-generated ones, though, which are sufficiently hard to crack (though not as much as an easy to remember passphrase, not that it matters; the easy to remember part is what matters about passphrases).
that makes it significantly less secure
No it doesn’t. Even if a few of the passphrases leak, your algorithm, if well chosen, shouldn’t be easy to reverse engineer… and unless someone is specifically targeting you (and has access to enough of your passphrases) there’s much easier fish to catch; if a leaked passphrase doesn’t work in other sites, no one will waste time trying to figure out if it has some logic to it.
I could have 20,000 character completely unique passwords with a password manager
No you couldn’t. You’d have one password and one password manager (which would have all “your” other passwords; as would anyone else with access to your password manager).
Until you lose access to your password manager, of course… which is bound to eventually happen, due to hardware or software issues or loss of the device if it’s local, or due to network issues, the provider discontinuing the service, or inevitable enshittification if it’s online.
And, of course, you’ll have a single point of attack from which your password can be leaked (or sold, if it’s an online service) or stolen.
Sure. Most websites will either truncate them or outright reject them due to being too long, but sure.
Most users, however, will use the 12 to 16 characters auto-generated ones, though, which are sufficiently hard to crack (though not as much as an easy to remember passphrase, not that it matters; the easy to remember part is what matters about passphrases).
No it doesn’t. Even if a few of the passphrases leak, your algorithm, if well chosen, shouldn’t be easy to reverse engineer… and unless someone is specifically targeting you (and has access to enough of your passphrases) there’s much easier fish to catch; if a leaked passphrase doesn’t work in other sites, no one will waste time trying to figure out if it has some logic to it.
No you couldn’t. You’d have one password and one password manager (which would have all “your” other passwords; as would anyone else with access to your password manager).
Until you lose access to your password manager, of course… which is bound to eventually happen, due to hardware or software issues or loss of the device if it’s local, or due to network issues, the provider discontinuing the service, or inevitable enshittification if it’s online.
And, of course, you’ll have a single point of attack from which your password can be leaked (or sold, if it’s an online service) or stolen.