Why I ask is..

Keyloggers capture what you type on your keyboard, or even if you use the windows keyboard to type in the password with your mouse.

They also have access to passwords you copy and paste from the password manager.

Some password managers have been hacked by hackers.

Its probably a silly question but was just curious because for all these reasons it seems a simple wordpad would be just as good if not a even better option for storing passwords?

In one sense it isn't a silly question. There are risks associated with the password manager being compromised.

But there is no logic to what you suggest. If your concern is a keylogger then keeping your passwords in a text file is not going to help you. When it comes to using them you'll either be typing them or copy/pasting, and still vulnerable to the threat you fear. Worse, all the rest of the time you'll be keeping all of your passwords in a single unencrypted file that could be compromised without a keylogger ever having to be installed.

The point is that the password manager gives most people a much more secure, and practical, solution to the problem of having good password hygiene.

You need to mitigate the threat of keyloggers (a vanishingly rare attack in comparison to other risks that you're likely to encounter - whether they be ransomware or phishing sites or whatever) with good security practices. These include a good AV product, good antimalware software, and common sense (which extends to things like running as a limited user account and not with admin rights).

Here's one person's take on it, which seems reasonable. No idea as to credibility: just the first hit on a Google search.

Thanks yeah that was one of the articles I read.

But can you give a example how the computer can be compromised without a keylogger or trojan being installed.

I should add I use a separate computer for poker only which is not used for surfing the web or forums etc etc.

Basically my point is even in that article where he says password manager are still a better option for storing passwords but I don't agree because if someone is using a computer for poker only and stores passwords offline, doesn't open emails or click links or surf websites with that computer, but instead only switches on computer types in password to log into poker site plays poker switches computer off and that's it, so doing this your not giving the hacker a option to install a keylogger trojan etc etc but by using a password manager that is a extra "out" poker term :P for a hacker to compromise the computer you only use for poker, is this correct?.

I gave you two (depending on your definition of trojan). You might trigger a ransomware infection. Or you might be tricked into entering details on a phishing site. Both would compromise the security of your machine. Someone getting physical access to it is even more of an issue.

But the extra information is pretty important here. As for your last question, I suppose that may be correct so long as you never open a web browser including from inside poker sites, don't access email, IM or other communications, don't get targeted by someone specifically (which admittedly is very unlikely), don't use any removable media and are only talking about the safety of storing your poker passwords and not those you use on other machines. And even then your security will depend on the software you do use (e.g. poker sites, HM2/PT4, other tools) not being compromised ever.

This is probably all a bit tinfoil hat though. Any reputable password manager should encrypt your passwords in its database. You approach would make a bit more sense if you were encrypting the file on your local machine. Storing it in plaintext is senseless.

And if it is just your poker passwords we're talking about, can't you just remember them?

Yes poker passwords only but store them offline booklet etc.

This thread was more re a debate with a friend who considers himself a computer expert (guy owns a computer ) hence computer expert.

You are ignoring physical security of your machine. If you live with someone else you need to protect yourself against them. Keeping your passwords in a notebook next to the computer isn't secure. If you talk to anyone about a big poker win you risk someone breaking into your apt/home and stealing your machine. Keeping your computer turned off when not in use and only using it for poker is good but do you check all your USB ports before you turn the machine on to make sure no one has stuck bootable drive into one? Are you sure your wireless isn't being spoofed by a bad guy? Did you check the room next to where the computer is for VanEck phreaking gear?

Obviously you have to be way more important than you are for these to be legitimate concerns and you are most likely safe enough keeping passwords in a notebook that's with you. But keeping them in a password manager is better because they are physically secured, you have a much higher ease of use; you don't have to remember any passwords but the PW manager one so you can use very strong passwords for everything and you can keep them on your phone as well.

Wifi is switched off on the poker computer as is VPN Airplane mode as the internet is connected using the Ethernet.

What is IP spoofing? I googled but the examples are a bit technical for a computer noob, isn't IP spoofing clicking on links?

looking at things purely in terms of security, if you choose unique, strong passwords, and save them in wordpad vs save them in a password manager, the difference is basically negligible. the only real pros and cons, saving in wordpad would leave you vulnerable if your computer was physically compromised, saving in a password manager would leave you with an increased risk the manager itself is hacked. both are pretty negligible risks for most people.

in practice, most people will be more secure using a password manager, because wordpad will make using secure, unique passwords too inconvenient to actually do.

Any virus could scan your files for things it thinks are passwords and phone that home. Unencrypted word file is a terrible idea.

If you feel the risk of a browser-based password manager is too great for you to bear, get a password vault instead.

any virus able to do that would just keylog you anyway rather than phone home text files to sift through, and passwords saved in wordpad wouldn't have your username, or necessarily even enough information to know what site the password goes to.