I’m not knowledgeable on the details of various hardware password managers since, at least for my use case, they add little benefit over a software password manager that is properly implemented, fully offline (i.e., no cloud crap), and fully standalone (i.e., no browser integration).
The capabilities required of an attacker to get into such a software password manager are a high enough bar that you’re probably already screwed if an attacker attains those capabilities. At that point, even if your hardware password manager is totally impregnable, they’d likely be in a position to snag each password as you use it. So it only helps if you have high-value passwords that you use so rarely that you’d have a chance of detecting and ejecting the attacker in the interim.
Assuming you do have such high-value, rare-use password to protect: The one must-have feature for hardware password managers is an absolute requirement that you MUST press a physical button on the hardware password manager once per password you want it to poop out. That prevents an attacker who’s compromised your PC and keylogged the master password from programmatically hoovering out the hardware password manager. Without that feature, it’s no harder to get at than the well-implemented, offline, standalone software password manager.
