
I admit that there might be password managers out there that provide sufficient security for some users’ threat models, but I wouldn’t trust such a sensitive compilation of data on any computing system, especially ones with network access.

If I used a password manager, it would have to be on an airgapped and password protected system, making it essentially useless for me. For me, it’s easier to memorize a password/salting algorithm that generates unique passwords to the website or service I’m using, so that I don’t have to actually memorize any passwords—only the algorithm.



This is a common take on password managers but in practice it doesn't really hold, because humans are bad at security and good password managers are really fucking good at it. That's not to say there aren't weaknesses to the password manager model, but you're overestimating them and underestimating the ones in your scheme.

I also invite you to read my response above to someone else regarding the security of such an algorithm: with some examples, brute forcing an algorithm is easier than brute forcing a master password.


The issue is that password managers skew the cost/benefit analysis of an attack, thus altering the risk profile for the individual. As long as your password creation/storage method is strong enough to thwart low motivation/low resource parties, you may be better off than being in a very attractive pot of millions of credentials.


That is a fair point, but keep in mind the risk of NOT using one. Most people won't have a "strong enough" storage/creation method.

I'd argue even those who think they do probably don't.

To me the whole conversation sounds like this:

- An unknown, low security bank was broken into.

- This proves storing your money in a bank is a terrible idea! This is why I keep all my money in my home.

- No that's definitely a worse idea. Storing your money in a bank is the most secure way to keep your money. It's not infallible but-

- Yes but alone I don't have that much money... It's a lot more attractive if it's in a big pot with everybody else's.

- Well no, most good banks invest a lot more in security than you ever would or could.

- No it's okay, because I put it in a box and I have a lock on it.

- Like a safe?

- No. I don't trust safes either.


> That's not to say there aren't weaknesses to the password manager model, but you're overestimating them

Doesn’t this very article show otherwise?


It does not. It shows the failure of one ONLINE and CLOSED SOURCE password manager. Both of those can and should be avoided.



