@sillystring It all boils down to the password derivation algorithm that you choose; weak master passwords should not be too easy to guess. I wrote about it here: https://palant.de/2016/04/20/security-considerations-for-password-generators/ - and most password generators indeed didn't perform well. PfP was called Easy Passwords back then and used PBKDF2; we have now upgraded to the more secure scrypt algorithm.
@sillystring In the end: yes, generating passwords will always have this additional attack vector, as opposed to merely storing them. However, with a proper derivation algorithm and a master password that isn't "password1" the risk here will be very low, particularly if compared to the other risks password managers are exposed to. Yet the gain when you need to recover your data is massive and outweighs the risk by far.