Disclaimer
Please don't construe my words as either in support or dismissal of either classical password managers or deterministic ones. I haven't thoroughly looked at the problem from many (let alone all) angles, thus I might be missing a lot (both good or bad). To draw any conclusions, one should employ independent research.
Finally, keep in mind the following guidelines:
an unusable absolutely secure system is almost absolutely useless;
any weaker solution is far better than reusing the same password everywhere;
everything depends on the strength of the master password; if it has at least 128 bits of true entropy, whatever that means, it doesn't matter what cryptographic primitives the password manager uses (unless it's badly broken); brute-force doesn't work because of the sheer number of potential guesses;
a password that one choses (without using real entropy sources like a hardware number generator or even dices) is weaker than one thinks;
Deterministic password managers
All password managers rely on a user supplied "master password" to protect the user's credentials (mostly other passwords for various sites and applications). (Although nothing could stop a password manager to use something like a hardware token or any other such hardware devices.)
Classical password managers generate the credential passwords randomly, without any relation to the master password or any other contextual information. (Then these credential passwords are encrypted with the master password, using various cryptographic approaches that are sometimes better, or sadly, sometimes worse...)
However, there is another class of password managers, which I call deterministic password managers, ones that deterministically generate the credential passwords based on the master password and other various contextual information, like for example the site domain or application name, the username, the number of times a password was changed, etc.
In what follows, I'll focus on these deterministic password managers, especially as compared to classical ones.
Strengths
Deterministic password managers have a few strengths (as opposed to classical password managers); for example:
there isn't anything an attacker can steal to later use; (outside the master password;)
there isn't a list of credentials that have been generated; (although some deterministic password managers do store such a list, mostly to make sure the user doesn't forget or doesn't give wrong contextual information;)
there isn't a need for any backup; everything one needs to know is already backed-up in ones mind; (obviously, besides the master password, one needs to remember the contextual information;)
one isn't technically limited to only one master password; one could use as many master passwords, perhaps grouping related credentials under the same master password; (however, I assume many deterministic password managers user-interface isn't tailored for such a use-case;)
Weaknesses
However, as with all things, there are downsides too:
obviously, one can't change the master password; (although some deterministic password managers support a hybrid approach, where they just store any arbitrary credentials encrypted with the master password;)
if the master password is leaked (without one knowing) then the attacker can obtain any past and future credentials one might have generated and be using; (contrast this with a classical password manager vault and master password being leaked, only the credentials generated up-to that moment can be recovered; and provided the attacker can't leak the vault again, even if the master password is known, it can't obtain any new credentials created after the point of the initial leak;)
if a credential password used on a particular site is leaked, then an attacker, provided he knows the contextual information (which most likely is the site domain and user account) can start brute-forcing the master password offline, and if he succeeds there is no way to find out;
also, as a consequence of the above observation, if one wants to share even a single credential with someone else, then that someone else must be trusted, else he could become the attacker and start brute-forcing the master password;
Other opinions
- 4 fatal flaws in deterministic password managers;
- and unfortunately, no other serious take on the subject...