I can only think of a scenario where this is still valid: spying.

The minimum one can do is have a different randomized password for every service on a possibly completely offline password manager.

Yes, you will depend on a password manager at all times, but at least the blast radius is minimized to the affected service.