Practically, if one doesn't use a password manager, they probably have a much more serious problem than weak passwords, i.e. password re-use.
As opposed to having your manager DB lost or compromised by a trojan.
Using zx2c4 pass with a Yubikey 4. Passwords are GPG encrypted. The private key is on the Yubikey and cannot be read out. The Yubikey 4 is set to require a touch per password unlock. The only passwords at risk are the ones unlocked. At that point, the trojan could install a keylogger and have the same amount of success.
Losing the password store isn't a problem either. It has a git remote on a USB stick. There's a backup if it's ever lost.
In that setup, how do you handle needing passwords on your phone?
There's an app for that. Android Password Store[1]. You can use a Yubikey Neo with NFC in combination with Open Keychain[2]. Both are available on F-Droid.