I have never been all that keen on password manager apps because if a miscreant is able to compromise your master password, ALL of your passwords become available to the crook.
Not it seems that my paranoia concerning password managers was justified. The nasty Citadel malware that’s been compromising the websites of banks and other institutions of late has started attacking password manager apps via a special keylogger that’s built into the malicious code.
So far the only apps that are known to have been targeted are neXus Personal Security Client, Password Safe and KeePass, but there’s little doubt that other password manager apps will soon be under attack as well.
Even though most password managers now use two-factor authentication, I still don’t trust trust them because there’s so much at stake if there is ever a breach.
Bottom line: If you use a password manager app to store your passwords, I recommend that you stop. Although you’ll probably be just fine if your app uses two-factor authentication, I prefer not to chance it.