The threat model used for this assessment pretty much never happens in reality. If you're arbitrarily reading memory using software, then you can also install a keylogger or steal clipboard contents, which the authors themselves concede no password managers can protect against. So what's really being evaluated is how well password managers can withstand physical attacks (DMA/coldboot), which isn't a concern for 99.999% of people. Furthermore, if your attackers had physical access, they could very well install a physical keylogger to steal your passwords, bypassing your password manager's countermeasures entirely.

What if someone steals your laptop and decides to see if they can get any sensitive info off of it before they wipe it and sell it?

Probably not a common scenario right now, but if this threat goes unfixed for a long time and tools become available to automate the attack I could see it becoming a problem.

>What if someone steals your laptop and decides to see if they can get any sensitive info off of it before they wipe it and sell it?

That's what full disk encryption and (eventually) hardware security chips and the like are for. It's not a threat model that has anything to do with password managers.

>Probably not a common scenario right now

It never can be, that's the point. Physical attacks simply do not scale like purely online attacks do, let alone attacks on centralized single points (ie., a central password database).

>but if this threat goes unfixed for a long time and tools become available to automate the attack I could see it becoming a problem.

What? What tools "automate" stealing your notebook?? And also breaking through whatever physical security it has, like TPM or Apple's T-series chips or even just plain soldered on storage/memory/everything? The latter make repairs more of a PITA but they also make physical attacks significantly more difficult, even stuff like cooling memory and swapping (and encrypted memory based around tamper resistant security chips is a potential thing too).

> That's what full disk encryption and (eventually) hardware security chips and the like are for.

That only helps if you assume the laptop is fully powered off when it is stolen. If it's on or merely in "sleep" mode, disk encryption doesn't help.

> It never can be

What can never be? Laptops being stolen? A threat doesn't necessarily need to scale to be a problem as long as the gain from individual compromises is sufficient to make it worthwhile.

> What tools "automate" stealing your notebook?

The stealing doesn't need to be automated, just the attack on the password manager itself. A program anyone can download and run on a stolen laptop to extract the password database would be sufficient.

>That only helps if you assume the laptop is fully powered off when it is stolen. If it's on or merely in "sleep" mode, disk encryption doesn't help.

Is this true for Filevault? I know a lot of Mac owners who assume otherwise.