Hacker News

> The whole point of using a password manager is that the passwords I create and use on my {desktop, laptop, work machine, phone} are immediately and seamlessly available to me on all of the other platforms.

That isn’t the whole point of 1PW though, or at least it wasn’t at the beginning, as I saw it. It was a way to avoid having to remember a unique, secure (read: probably hard to remember) password for every service that requires one. A place to store them all so you don’t have to remember, or worse, reuse the ones you can remember, and/or use easy-to-remember ones (read: less secure). It’s in the name: one password gets you access to all your passwords. Automatic form filling and cloud sync are definitely selling points and certainly convenient, but they are also risk vectors. I’d not call cloud sync essential; I get by fine without it. I just use the WiFi sync option.




If the goal is to avoid having to remember strong passwords, then a strong password generator + a paper journal is resistant to more threat models and should be preferred.

Password managers without transparent sync and autofill UX are a half-product at best.


It’s probably similar but I’m not convinced it’s preferred. If I lose that journal anyone can read it. If I lose my computer it is most likely locked already, and if not it (as well as 1PW) autolocks itself after a short time.

Also like I mentioned elsewhere, I do sync my vaults, but only using the local WiFi option.


There are nearly infinite vectors to exfiltrate files from your computer, the vast majority of which are currently unknown to you, and would be entirely undetected. And what's more, most of those vectors can be done from anywhere on the planet.

There is only one way to exfiltrate information from a notebook, it requires physical proximity, and it's very likely that you would notice.

Every rational threat model for almost every human on the planet (excepting perhaps major political, cultural, or economic figures) would conclude in the paper journal being the better (safer) choice.


You made a lot of good points here. Thanks for sticking with me and having a nice conversation!


Typing a long, complex password on a mobile device is tedious. Much easier to use 1Password.


The pain of doing that is nonzero, but much less than the pain of keeping the passwords synced manually, or through an intermediary like Dropbox (permissions, having Dropbox installed and running on my phone, etc.)



