[CharlesW]

> The flaw of password managers is that you don’t know the passwords you’re using for your sites. That is, if the data was lost, you’d have to do an account recovery, which for some sites is fine, for others it can be a nightmare though.

It's typically a 5-minute process, which I know because services regularly force password resets quite often.

> …I don’t trust a cloud service to keep the data secure.

Fair enough, there are definitely shady SaaS vendors. My password manager is a SaaS with a long history (2006), which has no access to my account passwords or Secret Keys and could not reset or recover them for me if I asked. I'm personally satisfied with that.

Have you considered the benefits? For example, I know I currently have 1,161 account logins on various sites/services, 278 of which have "fantastic" passwords, and 144 which have "fair" passwords that I should really go back and update (surely from my pre-password-manager days). I know there are 5 accounts that now support 2FA, and many more which now support passkeys. I know when I've last used each so I can easily close old accounts, which I gradually do.

That kind of awareness/security hygiene enablement would be tough (if not impossible) to replicate manually.