The requirement mentioned earlier about ensuring that your passwords are not 'remembered' by someone watching you type them is not a problem for password managers.
When setting up a PC for my son I used his MS password about 8 times in several different cases across two PCs (old and new) as well as a phone.
Despite typing it that many times, I could not, under any circumstance, recall the password when trying to type it, even after a delay of a few minutes.
This is because password manager passwords can be made eminently un-memorable; you would have to be the mentalist to remember 12 characters, case and all, just by watching someone type them.
I was typing from a displayed password and I still couldn't recall it.
Of course, we use 2FA so OneDrive etc. are even less likely to get hacked even if the correct password is entered on a new device, so the hacker would have to access the PC, steal the phone, know the phone PIN *and* have the password.
Hardly worth the effort to see his student debt (always assuming they managed to access the bank).
I think the honest truth is that £24 a year for four (I think) people to have LastPass is very good value indeed and it really does make site login (and address/CC details entry) super easy.
What was disappointing was not knowing if 12 random characters (with specials where allowed) is enough - from the looks of the article and the fact that NTLM is weaker than most systems in use - it seems so. I assume that it adds perhaps another 28 bits making brute forcing that much harder.
But how much is what I would like to know.