[zokier]

The point of password managers and master passwords is not ultimate security (such goal would be futile). Instead the point is to bring major security improvement to the masses. Eg to the masses who are currently using a single weak password across many websites.

Sometimes you need to trade some security for convenience, or you will lose all security.

edit: In addition, to combat keyloggers (and other malware) you need either HSM or one-time passwords. In both cases you usually need support at the server-side. As such, combating keyloggers is really infeasible via password policies.