[frgewut]

Bugs can happen.

One of the first scenarios that comes to mind - some implementation queries API for every key press. Suddenly you are sending your password out.

I guess time will tell, but human-generated passwords have proven their ineffectiveness anyway.

[Operyl]

That’s still not a problem with Troy/Cloudflare/k-Anonymity. Bugs happen, sure, but I’d hope your password manager that stores all of your passwords, reliably, has unit tests to prevent that kind of failure scenario.