What are these services exactly? How are they safe as I assume the passwords are saved in the cloud?
(The lawyer in me wants to point out that I'm a software engineer, but these opinions are my own and don't sue me if bad things happen. I do all of this stuff personally, but YMMV)
Let me quickly set the stage and then I can give a good explanation of what these services do. This might come across as too basic for you, but I don't know how much tech knowledge everyone has.
Here's the
really common danger scenario. A site gets hacked and a list of all of their usernames and passwords gets leaked onto the Internet. This is what happens whenever a site gets hacked.
A bunch of hackers find that leaked list of usernames/passwords and grab a couple. Maybe they choose at random, maybe they target a specific person, who knows. But, they grab a username / password and start logging into any site they can think of. Most people use the same username and password everywhere. That means the leaked username / password can be used to log into email addresses, bank accounts, IU, Netflix... everything. A hacker can do a lot of damage to a person if they can log into all of their accounts.
There's three ways to prevent this from happening to you.
1)
Have a different username + password for everything. If a username or password gets leaked, it only lets a hacker log into that one site that leaked the password.
2)
Keep an eye on hacks. That way, when a password gets leaked, you know to immediately change it before a hacker can log in with that password.
3)
Have a second physical factor. That way, a hacker needs both your password and a physical thing that you own to log into a website.
Two factor authentication solves the last one.
Password managers help solve the first two. They automatically generate passwords for you when you create accounts and then log into accounts for you automatically. You only have to remember the password for your password manager and then your password manager remembers the passwords for everything else. As for bullet two, many password managers get their hands on lists of site leaks. They can alert you if they notice one of your accounts was hacked and tell you to change the password*
There's a bunch of different password managers out there with LastPass and 1Password being the most popular. The basic idea of a good password manager is that you have one password called a master key. That master key encrypts your bank of passwords. The bank of passwords stays on your password manager's server (or your computer). The bank is only unencrypted on your local machine using your master key, which nobody (including the password manager company!) knows but you. If you forget your master key, you're screwed.
Encryption is just math. You don't have bad encryption, you just have bad math. The popular encryption standards (AES, etc) have been vetted by experts and are seen as good math. That means that you don't have to worry too much about the password manager company messing up their internal systems because you are relying on the math, which should be sound.
In the end though, diligence is important. Don't over rely on password managers or 2FA as a magic fix.
* I said that all of these password managers didn't know your usernames or passwords. If you let them look for leaks, they'll have access to your usernames only so they can compare your usernames to the lists of leaks. If the password manager company gets hacked, a hacker could get a list of all of your usernames. That's not the end of the world. Personally, I think that's not too bad considering bad leaks are.
EDIT: Some grammatical fixes and a better explanation of why password managers solve the two problems I mentioned.