It is worth pointing out that Password Maker’s main method of use is as client software that you download. Plus, if you are using a compromised computer, especially one that is publicly accessible, then all bets are off, even if you are using just your brain. Using password maker or not will not strengthen or weaken your position.

As far as using rainbow tables against Password Maker I would hope that Password Maker salts the hashes, but I guess it is possible they don’t. If they do not, then an individual site could generate a rainbow table with their domain and attempt to reverse the passwords used there to get your master password. I didn’t see anything about salt on Password Maker’s site. Good question! But if a site is compromised, and you are using a finite set of passwords from memory, then you are screwed then too.

And since the idea is that you could use this online service from anywhere, that is exactly what people will do - use it anywhere on computers of potentially unknown security states.

Even tho the data doesn’t go anywhere but the browser frame, if you use a computer you can’t trust 100%, you might as well just hand over your credentials to strangers on the street. Not only could you expose a password to an innoculous site you don’t care about but every site you have ever used with it and ever site you will use with it until you realized you have been comprimised (if ever) and switch your scheme.

Then the cycle can start again.

That is, provided someone hasn’t just created a huge rainbow table and is using a seemingly safe site to phish for credentials.

Better off to use your brain.