An excerpt from an article about Password Managers
This becomes fatal in combination with cloud synchronization. By synchronizing via a cloud service provider, the user effectively gives control of the password database into foreign hands. In any case, into the hands of the cloud service provider, possibly also into the hands of the state in which it has its headquarters and data centers, and are we really 100% sure that the transport encryption commonly used nowadays has no weaknesses?
Once the database is in the hands of interested third parties, they can start using a stone-age instrument - the brute force attack. Unlike modern smartphones, the database does not delete itself after x failed attempts and many programs do not even temporarily block access. It is therefore only a question of time and the quality of the password.
If synchronization via a cloud service is unavoidable, it is essential to choose a program that supports such two-factor authentication
That makes with worry