I posted this research by ISE, referenced in an article in WaPo that summarized as follows:<p>It found the Windows 10 apps for 1Password, Dashlane, KeePass, LastPass and RoboForm left some passwords exposed in a computer’s memory when the apps were in “locked” mode. To a hacker with access to the PC, passwords that should have been hidden were no more secure than a text file on your computer desktop.
I use KeePass (currently version 2.40). The author does claim to use "in-memory protection" of secrets while the program is running, but apparently it is not thorough enough. However I would need to have malware running on my machine (or give physical access) to exfiltrate the in-memory passwords right?