[Someone1234]

Password hashes are one-directional lossy storage. If a password manager "hashed your password" it would be essentially deleting your password and replacing it with something else which cannot be used to log into anything. The password MUST be recoverable to plain-text to replay it to a website.

But you're correct that Chrome, Firefox, Edge, Lastpass, BitWarden, even Keepass have the same issue. It is an Operating System limitation, not a password manager problem.

[Sohcahtoa82]

I think the catch is whether the passwords are unencrypted in memory constantly, or only during a short period when the password is being used?

[busterarm]

I never said that they should be hashed, just that they aren't. Just subtly pointing out what the tradeoffs are if you choose to use a password manager whose storage/access is basically always available.

At least with Keepass it's locked in an encrypted store and only available exactly when I need it to be. I can take other precautions if I want when I want to access it.

With your browser's password manager you're stuck with the slop you were given.

[traderj0e]

So are you typing your password every single time you want to unlock that store? If not, where's the master password stored? I know Keychain does something advanced with the enclave.

[busterarm]

My master password is ~20 characters of strong randomness and completely in my head and has worked that way a good 10 years or so now.