Most of these managers support some form of 2fa. I use a yubikey with mine such that if my master password is compromised someone would still need to obtain my security key. You can enroll multiple and keep one in a safe and one or more on your person. It's not perfect, but it prevents the vast majority of huge dragnet style malware attacks and a lot of the targeted ones until you get to the point where someone is trying to hunt you down on the street.
This still leaves a case where someone manages to get the final key out of memory but you're pretty hosed at that point anyway. I'd prefer a system where the yubikey itself is doing the final credential decryption instead of the CPU, unfortunately most people aren't that paranoid though.
This still leaves a case where someone manages to get the final key out of memory but you're pretty hosed at that point anyway. I'd prefer a system where the yubikey itself is doing the final credential decryption instead of the CPU, unfortunately most people aren't that paranoid though.