Password generator

To get automatically generated unique passwords, you use some program to compute a hash (preferably with a cryptographically secure function) of a secret you remember combined with the site's domain name (and perhaps also your user name), and use an encoding of that hash as your password for that site. Because the input differs per site, the passwords differ per site, yet nothing has to be stored: the same inputs always reproduce the same password.

There are several existing Javascript bookmarklets which you can install in your browser to do this easily. When you're at some site's login page, you click to bring up a Javascript popup, type a "master password" into it, and the Javascript program computes your password for the specific site (based on the domain name and the "master password") and copies it into the password field on the login page for you. This can also be done by a browser extension, but then you are limited to that specific browser (typically Firefox or Opera) instead of any Javascript-capable browser. Note the trade-off: a bookmarklet runs inside the page you are visiting, so a malicious page can observe what you type into its popup, whereas an extension keeps the master password out of the page's reach.

Of course your "master password" need not be the same for all sites; you can combine this automatic hashing technique with simple Manually generated unique passwords for additional security (and to get a way of versioning a password when you need to change it at just one site: vary the master input for that site and the derived password changes with it).

E.g. look at:

http://supergenpass.com

http://passwordmaker.org

https://www.pwdhash.com/ (seems to be more of a non-customizable prototype)

http://calculatedpass.com/

SuperGenPass:

+ It is simpler to use.

+ You can specify length of generated password.

+ It guarantees the password will start with a lowercase letter. (Some stupid websites complain if a password starts with a digit, for example.)

+ It guarantees the password will also include a digit and an uppercase letter.

- It doesn't have a way to generate nonalphanumeric "special characters".

- It uses only a few rounds of MD5. What matters here is not MD5's collision weaknesses but its speed: guessing a master password through it is cheap.

PasswordMaker:

+ It is more complex with more options.

+ You can specify the hash function to use.

+ You can specify the output alphabet, e.g. only alphanumeric, or also specific "special symbols", etc.

- I believe it makes no guarantee a generated password will include symbols of the various categories (lowercase, uppercase, digit, special).

- Its hash functions are all fast single-pass hashes too.

Neither of them offers a deliberately Slow hash function with many iterations. So if one of your generated site passwords ever leaks (a breached site that stored it in the clear, or a phishing page you typed it into) and a bad guy knows you use one of these tools, he can brute-force your "master password" offline at millions of guesses per second, and every other site password follows from it. (That's a reason to use manually generated passwords as input for the "master password" instead of using the same single "master password" to generate all your site passwords. That's also a reason to consider rolling your own solution, or modifying one of them...)

Special characters:

A general annoying problem is that different websites arbitrarily disallow different characters in passwords. So if you want to follow the good practice of including non-alphanumeric symbols, you have the problem that a password-generating algorithm cannot simply produce passwords drawn from (e.g.) `~!@#$%^&*()_+-={}[]|\:;"'<>,.?/ because website X arbitrarily permits only + and / as special characters, website Y permits only !@#$%^&*, and website Z permits no special characters at all. Grr!

As an experiment, try changing your password to a1`~!@#$%^&*()_+- at some sites. You'll be surprised and disappointed by how many reject it. But be careful: you may also be surprised by how many sites are buggy enough to accept the new password and then lock you out, because they silently altered it to "clean up" the special characters, so the value they stored no longer matches what you type...

So the simplest solution is what SuperGenPass does: generate only alphanumeric passwords. With long enough output (e.g. 20 characters from a 62-symbol alphabet, about 2^119 possibilities) the generated password itself is far beyond brute force search; the weak link is the master password it was derived from, not the output alphabet. But it's still annoying to be restricted to 62 symbols unnecessarily.

The next level up is to keep that as your default for ordinary sites and, for the few very important ones, generate passwords that include specific special characters you know those sites permit. Ideally you can find a common subset they all accept... It is really stupid that so many websites arbitrarily force users to pick weaker passwords from unnecessarily small alphabets.

Maximum lengths:

A similar annoying problem is that different websites arbitrarily enforce different maximum lengths on passwords. A site that stores a hash of your password rather than the password itself has no storage reason to cap it at a short length (a generous cap of a few hundred characters is a defensible guard against feeding huge inputs to a slow hash; 12 is not). In any case, this means you are either forced to set your password generator to the lowest common denominator (e.g. length 12, which many financial sites inexplicably impose as a maximum) or to set it to a default most sites permit (e.g. length 20 works for most sites I use) and then record, preferably in a table, the exceptional lengths you must override for the brain-dead sites that reject 20-character passwords (e.g. your bank, which forces a password to have at most 12 characters).

Because of these 2 problems (special characters and maximum lengths) with generically generated passwords not working at specific sites due to unnecessary arbitrary restrictions at specific sites, many people prefer to use Automatically stored unique passwords so that they can make a maximal length and maximal alphabet password specifically for each site, and then store these in some sort of secure database.