Information Security
sitehound, 2011-01-07 20:55:39

Recoverable generated password

I have an idea, echoes of which I have seen on Habr in the encryption section. The idea is this: create a private form, accessible only to clients, where the client enters a username and a password is automatically generated for him from that username. For example, he enters pavel. The string is passed through a couple of algorithms and a strong password like xA7$6!v1 is given to him. If the client loses the password, he will generate it again.

How safe is this idea? In addition to the fact that attackers could get password generation algorithms from a name, how big is the danger of successfully deriving a name from code? Is it worth doing something like this?


6 answer(s)
homm, 2011-01-07
@sitehound

And what, there is no way to change the password if the attacker has learned it?

artyomst, 2011-01-07
@artyomst

The main thing here is to make a complex login, like D4^3fnbD#@fdsbseij#[email protected]*&@)(*kdfi

LProf, 2011-01-07
@LProf

So, if I understand your idea correctly, then in order to gain access to Pavel's account, I will just need to log in and generate a new password for the word pavel, right?

uadeveloper, 2011-01-07
@uadeveloper

Well, the fact that in general someone will guess that you have such a system is not very great.
But it is not safe: if a person guesses, this can attract his interest, and he will be able to register a lot of accounts and guess your algorithm.

zed91, 2011-01-07
@zed91

Read up on the SHA-1 hashing algorithm. You need to do something similar but more lightweight. The main thing is that your password generation function is not reversible.
A hash function is called reversible if the original text can be restored from the hash image.
By the way, passwords are not physically stored in Windows. When you specify a new password, the system calculates the hash image and saves it. When you enter a password for authorization, the system calculates the hash of the entered password and compares it with the stored one. If they are the same, then the password is correct. And if an attacker breaks into the place where passwords are stored, he will not find anything except the hash image. And it is impossible to recover a password from a hash image, even if it is ten times larger than the password itself. An interesting thing, in general.

@ntkt, 2011-01-07

Everything is possible as a purely personal password generator, but you should always understand:
1) What is the “Incident response handling” procedure for your solution: what to do if a fox came and spied something
2) A password, for the authentication system, is what Mr. X knows and Mr. Y does not know. No options. If someone knows the password generation algorithm and guesses the initial data, then for the system this someone is you.
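
The point made by LProf and @ntkt, as an added example that is not part of the original thread: a password derived only from the username is reproduced by anyone who knows the algorithm, while a keyed derivation also needs a secret and can be rotated. The SHA-256 mapping, `derive_keyed`, the rotation counter and the demo secret are assumptions made for illustration; the question does not say which algorithms it would use.

```python
import hashlib
import hmac

# Constructed alphabet used to map digest bytes to password characters.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!$%&*?")


def _to_password(digest: bytes, length: int = 8) -> str:
    # The modulo mapping is slightly biased; acceptable for an illustration.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def derive_unkeyed(username: str) -> str:
    """Scheme as described in the question: a pure function of the username."""
    return _to_password(hashlib.sha256(username.encode()).digest())


def derive_keyed(username: str, server_secret: bytes, counter: int = 0) -> str:
    """Hypothetical variant: HMAC under a server-only secret, plus a
    per-user counter so a leaked password can be replaced."""
    msg = f"{username}:{counter}".encode()
    return _to_password(hmac.new(server_secret, msg, hashlib.sha256).digest())


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    client = derive_unkeyed("pavel")
    outsider = derive_unkeyed("pavel")   # knows only the algorithm and the name
    return {
        "unkeyed_reproducible": client == outsider,
        "keyed_needs_secret":
            derive_keyed("pavel", secret) != derive_keyed("pavel", b"wrong-guess"),
        "keyed_rotates":
            derive_keyed("pavel", secret, 0) != derive_keyed("pavel", secret, 1),
        "keyed_recoverable":
            derive_keyed("pavel", secret, 1) == derive_keyed("pavel", secret, 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Even the keyed variant only helps if the generation form itself authenticates the client by some other means; otherwise the form hands out the password to whoever types the name.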
