This question hinges on some false premises:
- Product 'X' is less secure than copy/paste to a desktop password manager.
- Copy/paste has security drawbacks.
- Product 'X' update is in general more frequent
- Proprietary
- Product 'X''s database is in the cloud while a desktop app can be copied to
an external device
I will address them here:
- Modern Password desktop password managers all have some way to secure the clipboard. typically by only exposing the credentials for a short time.
- The better ones have other means of communicating the password to the browser that do not use the clipboard at all, such as Keepass XC's browser plugin does.
- Update frequency does not convey quality at all, Open source products are also updated frequently. No updates in a long time (more than a year) would be worrying, especially if there are CVE's published but not addressed.
- Proprietary just means people can not check the validity of the security product. Kerckhoffs's principle even states that a secure system is secure even when everything but the secret key is publicly known (something open source products all do).
- the
cloud is just a word that means someone else's computer. a good product would use a encrypted storage that you can securely duplicate to many places without risks, and having your own independent copy of the storage means you can still access the secrets even when the company goes offline (or bankrupt).
As with anything in security, whether something is "fit for purpose" or even "better" than another option depends on what your threat model is.
which risks are you trying to mitigate, or even illuminate and at what costs.
it is impossible for anyone to just tell you between the 2 options you have given, which one is better...
but I do hope you now have some better ideas how to approach the problem, and are better aware of what is and isn't a factor.
