I don’t know about all of them, but I do know about the first few, so here goes:

– Bitwarden: Actually, this one implies it right in the description: *optional* self-hosting (emphasis mine). Self-hosting is AKA local storage, so Bitwarden stores the password vault in their cloud servers unless you go out of your way to store it locally. Additionally, Bitwarden is an Electron app…Electron uses Chromium and node.js (the javascript engine from Google Chrome), which means that Electron apps are essentially data-harvesting spyware.

– 1Password: It used to be local storage only. Then a few years ago when the “subscription model” for software started and became popular, 1Password offered its users a choice: continue using the desktop apps and local storage, or spring for the subscription versions and store the vault in 1Password’s cloud. But with the release of version 8 last year, 1Password became on-line only…there’s no longer the ability to store the vault locally. Worse yet, they got rid of their native desktop apps for Windows and macOS (they never had one for Linux) and replaced them with Electron apps; while moving to Electron resulted in a Linux app finally…well…they’re Electron apps.

– Keeper: While it took a little looking to get nearly-positive confirmation, I finally found it on the Keeper vs KeePass comparison page, where they say “KeePass only stores files locally.”…which strongly implies that Keeper stores the files in their cloud. In addition, Keeper is yet another Electron app, and…well…you know.

– LastPass: On their web page, it says “Once you save a password in LastPass, you’ll always have it when you need it; logging in is fast and easy.” So…vault stored in their cloud. Seems to me that some years ago they offered local storage, like 1Password did, but apparently not anymore. I don’t know if their multi-platform apps are Electron apps or not and, quite honestly, I don’t care enough to take the time to find out, since I won’t be using them anyway.

Basically, if the password manager requires a person to create an account, or if they offer web access (as all but the last three on this list do) then it’s storing the password vault in their cloud…there’s no other reason for an account, and no other way for the web app to get at the vault. As well, if it’s a cross-platform app, particularly if it includes Linux, then there’s a high probability that they’re Electron apps. Yes, it’s possible that they’re individual native-OS apps like 1Password used to have, but, sadly, that’s not the trend these days. If they want one-code-base-for-all (which was 1Password’s excuse for switching to Electron), I don’t know why they don’t use Java…it may not be as “pretty”, but at least it’s not spyware.

“Any time you store your data on third-party servers, you give up control of that data. At any time, whether the PM provider goes out of business or there is a change of corporate policy, you can be blocked from accessing your passwords”

And don’t forget that at any time, the PM provider could be bought out, at which time the privacy policy no longer applies and your data could become fair game for anyone, depending on how scrupulous (or lack thereof) the purchasing company is.

And of course there’s the possibility the PM provider is experiencing Internet connectivity or hardware problems right when you want a password…which wouldn’t be a problem if the vault was in local storage.

I get that storing the password vault in a “cloud” makes it easy to sync the vault between multiple devices, but most of the password managers that offer that kind of thing allow using Dropbox to do it…and owncloud/nextcloud are essentially Dropbox on a local system. It sure would be nice if password managers allowed the use of owncloud/nextcloud as well.

Any time you store your data on third-party servers, you give up control of that data. At any time, whether the PM provider goes out of business or there is a change of corporate policy, you can be blocked from accessing your passwords. And then there are the malicious employees of the PM provider.

When it comes to security, the fewer the people in the know, the better. As the saying goes – The only way two people can keep a secret is if one of them is dead. Storing the password database locally ensures YOU are the only one who has access to it (unless you explicitly give access to others)