> But what happens if they guess your Password Managers master password?<p>The author fails to mention the fact that most password managers have multi-factor authentication which provides additional checks into logging in to a users account which the attacker will have a hard time finding a way around. 2FA via a phone number shouldn't be recommended at all but a PIN, U2F key / TouchID + master password, etc should be enough to stay secure.<p>So even if someone installed a keylogger on your computer somehow and obtained your master password, they would need the PIN, U2F or TouchID codes in order to access the manager or even extract a single password. But that depends on the password manager you use. Open-source or not.