security

Everyone should use a password manager, since no one can remember all of their passwords.
But how do they actually work? This paper gives a detailed description of how password managers save and protect passwords.

Why do so many security researchers suggest giving up autofill even though it seems convenient? Because it has many flaws. For example, in 2016 Mathias Karlsson, a security researcher, found a shocking bug in URL parsing while studying the autofill function of the LastPass browser extension.

Unlike offline password managers, online password managers transport the vault among different devices over the Internet. This requires users’ personal information and stores the vault on a cloud server. The whole process naturally exposes more attack surface.