Password manager security

Why do so many security researchers suggest giving up autofill even though it seems convenient? Because it has many flaws. For example, in 2016 the security researcher Mathias Karlsson found a shocking bug in URL parsing while studying the autofill function of the LastPass browser extension.
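The following is an added example, not code from LastPass or from the original page, and it does not reproduce the 2016 bug itself. It illustrates the general class of mistake: an autofill check that extracts the host with hand-rolled string handling can disagree with the browser about which site a page belongs to, while a check built on the standard `URL` parser does not. The function names and the `.example` URLs are constructed for illustration.

```javascript
// Hypothetical helper names; sample URLs below are constructed.

// Hand-rolled parsing: strip the scheme, then take whatever follows the
// last "@" up to the next "/", "?" or "#". A path segment containing "@"
// is enough to make this return the wrong host.
function naiveHost(url) {
  const rest = url.replace(/^[a-z]+:\/\//i, "");
  const afterAt = rest.slice(rest.lastIndexOf("@") + 1);
  return afterAt.split(/[\/?#]/)[0].toLowerCase();
}

// Strict parsing: let the platform's URL parser decide what the host is,
// and refuse anything autofill should never act on.
function strictHost(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return null; // not a parseable absolute URL
  }
  if (u.protocol !== "https:") return null;  // no filling over plain HTTP
  if (u.username || u.password) return null; // userinfo is a confusion vector
  return u.hostname; // lowercased and normalised by the parser
}

// Fill only when the page's host exactly equals the saved entry's host.
function shouldAutofill(pageUrl, savedUrl) {
  const page = strictHost(pageUrl);
  const saved = strictHost(savedUrl);
  return page !== null && page === saved;
}

// Constructed sample: the saved credential belongs to bank.example.
const SAVED = "https://bank.example/";
const PAGES = [
  "https://bank.example/login?next=/",
  "https://attacker.example/@bank.example/login",
  "https://bank.example@attacker.example/",
  "http://bank.example/login",
];

for (const page of PAGES) {
  console.log(page, "| naive host:", naiveHost(page),
              "| autofill:", shouldAutofill(page, SAVED));
}
```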

Unlike offline password managers, online password managers transport the vault between different devices over the Internet. This requires users’ personal information and stores the vault on a cloud server. The whole process naturally exposes more attack surface.