
Years before these systems came out I thought of building a similar zero trust style system and I realized the level of attack that I would be putting myself under and the insecurity of JavaScript due to extensions, mitm, and client side malware made it ridiculously unpalatable. You would have nation state attackers coming after you as well as your nation state demanding you grant access to them. It felt pretty brazen to me that these companies came out but they did well. I still think it's an incredibly juicy target and a bad idea.

I at least know if someone broke into my physical safe.



> I realized the level of attack that I would be putting myself under and the insecurity of JavaScript due to extensions, mitm, and client side malware made it ridiculously unpalatable

This doesn't really make sense. These threats apply equally to people just memorizing and typing in their passwords into web forums. If the user's browser is compromised there is literally nothing to be done.


It doesn't compromise ALL of your passwords in one go, it only gets the ones you type. I don't do my bank or my broker except on my low risk machines with 2fa. But logging into a motorcycle web forum shouldn't leak that password. Having them all in the browser local storage with one master password does.


LastPass is an extension. You're as secure as the JS running in that extension.



