by dukedougal 3305 days ago
How was a central password store ever a good idea?
3 comments

It was never a good idea. What it is is better than some really horrible alternatives. The horrible alternatives are having users pick their own weak passwords and use the same password for every site they log into. This is an especially bad problem with large companies which have a lot of unsophisticated employees and a lot of employees that simply don't care about security.

The worse alternatives are where the "top passwords" lists come from... those lists are from people who are not using any password store:

https://www.google.com/search?q=top+passwords+2017&ie=utf-8&...

The most horrible alternative I've seen: I once worked with a person who used his Outlook "contacts" as his "password manager." I discovered that after he quit and I was deactivating his accounts. Not only did he use Outlook "contacts" as his "password manager", but his passwords were discoverable (based on readily available personal information), guessable (e.g. pa$$word), and heavily reused either directly or as minor variations.

It's not a password store, SSO services like OneLogin are federated services that authenticate users with encrypted tokens. In a SAML transaction, or with OAuth, a username/password combination is never exchanged. How is this better, aside from user experience? For starters, the ability to disrupt access benefits from a single point rather than having to change passwords in every app. It also benefits from relying on a credential from a directory service that can then be used to provision access within the target application, which means you can have more granular role-based or dynamic access based on metadata like time of day or geolocation.
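
A toy version of the federated flow described in the comment above, added here as an illustration (it is not SAML, OAuth or OneLogin code): the identity provider alone holds the password hashes and issues signed assertions bound to one service, so a service provider never sees a password, and deactivating the user at the identity provider cuts off every service without changing any per-app password. The names `IdentityProvider`, `sp_accept` and the audiences used with it are constructed for the example.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed toy federation (added example, not SAML, OAuth or OneLogin code): the identity
# provider (IdP) alone holds password hashes and hands service providers (SPs) signed
# assertions. SPs never see a password; deactivating a user at the IdP cuts off every SP.
ITERATIONS = 200_000

class IdentityProvider:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # signing key; SPs hold a verification copy
        self._creds = {}                    # user -> (salt, PBKDF2 hash); never leaves the IdP
        self._roles = {}                    # user -> roles, as a directory service would supply
        self._active = set()

    def enroll(self, user, password, roles):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))
        self._roles[user] = roles
        self._active.add(user)

    def deactivate(self, user):
        """Single point of control: no further assertions are issued for this user."""
        self._active.discard(user)

    def authenticate(self, user, password, audience):
        """Check the password at the IdP only; return a signed assertion for one SP, or None."""
        if user not in self._active:
            return None
        salt, stored = self._creds[user]
        given = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        if not hmac.compare_digest(stored, given):
            return None
        claims = {"sub": user, "aud": audience, "roles": self._roles[user], "exp": time.time() + 300}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

def sp_accept(token, audience, key, now=None):
    """SP side: verify signature, audience and expiry; return the claims or None."""
    if token is None or "." not in token:
        return None
    body, sig = token.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience or claims["exp"] < (now or time.time()):
        return None
    return claims
```

The `roles` claim is where the per-application, role-based access the comment mentions would be derived from directory data; the short `exp` window is what bounds how long an already-issued assertion outlives a deactivation.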

Yeah, I used to be skeptical as well.

In a perfect world, that is, if no service stored passwords with risible security, just remembering 2 or 3 strong passwords would be workable.

Instead, since we live in a world where several system developers are inexperienced or just plain idiots, there is a need for passwords to be disposable.

Password managers are worthwhile because they allow you to keep several different passwords, and the strong password they require hopefully is not stored as MD5 anywhere.