A report from Independent Security Evaluators (ISE) showed that password manager security is acceptable in non-running states, but are vulnerable to memory attacks when in running states. Products from 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For example, 1Password4 properly scrubbed old password entries from memory when it loaded a new entry; this meant that only one password was exposed at a time. But the master password remained obfuscated in memory and a bug allowed the master password to be stored in memory in a cleartext form; even when locked. In another example, 1Password7 decrypted and loaded all the individual passwords in the running state and didn't scrub the individual passwords, master password or the secret key when transitioning from the unlocked to locked state! Dashlane exhibited good security practices until the user changed an entry. Then it exposed the "entire database plaintext in memory and it remains there even after Dashlane is logged out of or 'locked'." The entries remained in memory for more than 24 hours. KeePass was decent until a simple strings dump from the process memory of KeePass was performed. There it exposed all entries that had been interacted with. LastPass performed as well as KeePass. ISE concluded that while "it is evident that attempts are made to scrub and sensitive memory in all password managers. However, each password manager fails in implementing proper secrets sanitization for various reasons." The password manager vendors responded to the report from ISE. LastPass says it patched its issues and KeePass noted that the basic underpinnings of Windows affected its ability to scrub the password entries as "Windows and .NET may make copies of the data (in the process memory) that cannot be erased by KeePass." Dashlane noted that "if an attacker has full control of a device at the lowest operating systems level, they can read any and every information on the device." 1Password's spokesperson took the same stance with "An attacker who is in a position to exploit this information in memory is already in a very powerful position. No password manager (or anything else) can promise to run securely on a compromised computer." In this paper we will examine the inner workings as they relate to secrets retrieval and storage of 1Password, Dashlane, KeePass and LastPass on the Windows 10 platform (Version 1803 Build 17134.345) using an Intel i7-7700HQ processor. We examine susceptibility of a password manager to secrets exfiltration via examination of the password database on disk; memory forensics; and finally, keylogging, clipboard monitoring, and binary modification. Each password manager is examined in its default configuration after install with no advanced configuration steps performed. This paper is not meant to criticize specific password manager implementations; however, it is to establish a reasonable minimum baseline which all password managers should comply with.