
Offline vs Cloud: the Real Threat Model in Password Managers
When talking about password managers, the discussion often focuses on encryption algorithms, key length, or "zero-knowledge" architecture. A more important question is asked much less often: who am I trying to protect myself from? Without a clear threat model, comparing different solutions is meaningless.

What is a threat model

A threat model is not a list of features. It is an explicit description of:

- which attacks are meant to be prevented
- which attacks are accepted as out of scope
- which assumptions are made about the environment

Every password manager, consciously or not, makes these choices.

The cloud-first model

Cloud-based password managers are built around:

- remote synchronization
- an always-on backend
- user accounts
- centralized infrastructure

This approach handles well:

- device loss
- access from multiple devices
- user mistakes (automatic backups)

But it also introduces new attack surfaces:

- provider compromise
- backend bugs
- server misconfiguration
- third-party dependenc
Continue reading on Dev.to



