Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times - Bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it takes a few seconds to unlock your vault each time.
With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)
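The key stretching described in the comment above, as an added example that is not part of the original thread and is not Bitwarden's own code. It assumes PBKDF2-HMAC-SHA256 as the stretching function; the salt and passphrases are constructed sample values.

```python
import hashlib
import hmac
import time

ITERATIONS = 600_000  # the count quoted in the comment above


def pbkdf2_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First 32-byte block of PBKDF2-HMAC-SHA256, written out by hand."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        # Each round hashes the previous round's output, so rounds cannot be skipped.
        u = hmac.new(password, u, hashlib.sha256).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(32, "big")


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Same derivation through the standard library's optimized implementation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def verify(candidate: str, salt: bytes, expected: bytes, iterations: int = ITERATIONS) -> bool:
    """Checking one candidate costs a full stretch; comparison is constant-time."""
    return hmac.compare_digest(stretch(candidate, salt, iterations), expected)


def seconds_per_check(iterations: int) -> float:
    """Wall-clock cost of checking a single candidate on this machine."""
    start = time.perf_counter()
    stretch("constructed sample passphrase", b"constructed-salt", iterations)
    return time.perf_counter() - start


def expected_years(entropy_bits: float, sec_per_check: float) -> float:
    """Average time to cover half of a 2**bits space, one check at a time (assumed model)."""
    return (2 ** entropy_bits / 2) * sec_per_check / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed value; real salts are random per vault
    key = stretch("long sentence of your choosing", salt)
    print("right passphrase:", verify("long sentence of your choosing", salt, key))
    print("wrong passphrase:", verify("long sentence of your choice", salt, key))
    fast, slow = seconds_per_check(1), seconds_per_check(ITERATIONS)
    print(f"1 iteration: {fast:.6f}s  {ITERATIONS} iterations: {slow:.3f}s per check")
    print(f"40-bit secret, expected years at this rate: {expected_years(40, slow):.0f}")
```

The per-check time grows linearly with the iteration count, which is the delay seen on every vault unlock.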
That's not true. A long sentence of your choosing is easy to memorise and plenty long enough to not be able to be guessed by a computer (brute force).
But this is why I use security keys like YubiKeys. Doesn’t matter if an attacker knows my main password for any number of reasons, there’s fuckall they can do with it without my physical key.
And even if they get into my vault and extract passwords, for many websites (in particular the most important ones) they’d still need to use my security key, they can’t just use the passwords.
Attacks are still possible (with browser session fuckery?) but much harder than yet another breach where a website was storing passwords in plaintext.
Note, it’s best to not select “remember me” for Bitwarden: https://bitwarden.com/help/twostep-faqs/#q-why-is-bitwarden-...
I like, no I think it's simply a hard requirement, that I can recover from nothing but the contents of my head. I can wake up naked in a foreign country and regain everything.