I'm not a developer so it would be your best bet to ask in different subreddits such as: r/privacy r/PrivacyGuides r/Bitwarden

This changes from user to user. In my situation, I'm not in the apple ecosystem. I use Windows, Apple, and Android. This is where 3rd party password mangers shine. Usually, it has extensions and apps for each OS. If each major OS had it's own password manager, in my situation, would be completely useless.

Yes, unless you are logged in your vault won't be decrypted. I assume you mean something similar to this? https://bitwarden.com/help/uri-match-detection/ https://bitwarden.com/help/website-icons/

Correct me if I'm wrong, but I assume the website match should be done locally otherwise it would be encrypted. https://bitwarden.com/help/what-encryption-is-used/

Browser extensions are a weak point but it also prevents everyday people from getting phished. As if the domain is not matching, you won't be able to fill your information (since it won't show).

As always, if you don't trust cloud you can either self host or use a local password manager.

Well I personally trust my current password manager (Bitwarden). When you save your account to that password manager. It is supposed to be fully encrypted and uploaded to the cloud. This is that if there is a breach, the hackers only have your encrypted information (essentially useless).

In the case of this LastPass hack, the URLs of accounts weren't encrypted while the rest of the usernames and passwords were. This can lead to phishing attacks attempting to gain access to that website's account.

There are also local password managers, however I decided against them, as it is not convenient for my personal situation. I started with LastPass but switched to Bitwarden after they implemented their single device policy. As of now Bitwarden has not been breached. With the code being open source, the ability to self host, and the developers responsive & open to suggestions; it has earned my trust.

From a privacy standpoint, you should change passwords (especially your master password). The hackers have the URLs for accounts of LastPass users (as it wasn't encrypted). So it is recommended to change passwords for "important accounts" (emails, financials, etc).

You can then slowly go through your other passwords and change them. Like the next time you visit the site. Also don't use LastPass any longer, if you want to keep using a cloud based password manager, I recommend Bitwarden for free users.