[dyingkneepad]

For password managers specifically, one thing you can do to be a little less reliant to the "password manager app was compromised" attack is to pepper the passwords in your password managers. So every time you paste/auto-fill a password from your manager, to you delete a bunch of characters and add a bunch of characters. Of course this requires some memorization and to some extent introduces back the very problem that password managers attempt to solve. Then you tune your pepper algorithm as much as you like: even sharing the same pepper algorithm for everything is not that bad, since it would require an attacker not only to compromise your PM but also know one of your stored passwords. And you can give yourself tips on your pepper using the comments/notes section of the password manager.