[upbeat_general]

True but all of the methods you mention to determine the horcrux are also ways to get someone's typical password, so password manager + horcrux is still much stronger as you need both (besides obviously the keylogger/malware).

You could also just have a horcrux for a couple sites and make them all distinct obviously.

[Thorrez]

Well my thought is that it doesn't take much effort to get a typical password, but does to get a password manager user's password. So an attacker who gets the password from a password manager can probably easily get the horcrux as well.