by jaredklewis 2069 days ago
What's your baseline? While there are theoretically more secure alternatives to using a password manager, the vast majority of people don't have the discipline or skill to implement them effectively.

Password managers make security tradeoffs, providing a nice balance of convenience and defense against many of the most important attack vectors.

So while it is of course possible to come up with basically endless possible attack vectors for password managers (and indeed all software), it is most likely not a productive exercise.

Also, a small tangent, but if someone compromises the Play Store and is able to install malicious software on your phone, there are plenty of ways for them to get your password that don't involve password managers.

2 comments

> the vast majority of people don't have the discipline or skill to implement them effectively.

I'd go so far as saying -- most people who think they have the discipline and skill, don't. Or rather, maybe they have it for a few passwords (email, online banking, work, machine passwords).

But it's almost impossible to do well once you cross ~20 passwords. Remember trying out Goodreads years ago? Well, turns out someone's hacked into your account and is posting reviews critiquing travel books for not buying into Flat Earth Theory. You only notice when searching for your name on Google. Or even nastier scenarios.

The baseline is an encrypted libreoffice or txt file where passwords are stored. Then the file is somehow synchronized.

You're describing keepassxc. A keepass file is essentially an encrypted sqlite db.

How is an encrypted odt/txt better?