washingtonpost[.]com/technology/2019/02/19/password-managers-have-security-flaw-you-should-still-use-one/?noredirect=on&utm_term=.5e798de49e1e
If you use Firefox this article might appear alongside others in the Pocket service on the browser's home page. And it's most likely much ado about nothing, but of course it's up to you to decide. Long story short, to get to the data the article talks about, a cybercriminal would have to already own your device -- they'd have to already have a presence, either via malware or hands-on, in person. And once that happens, all bets are off, e.g. Microsoft sometimes declines to patch a known vulnerability when it requires that sort of presence -- at that point it's like the proverbial closing the barn door after the horses have run off.
What the Post's article calls a "Security Flaw", is unencrypted data stored in memory -- the memory contents can then be dumped & analyzed, revealing that data. The data that they talk about [at least in the case of KeePass & some of the other apps] has been decrypted so that it's usable when it's passed to Windows, since you can't very well copy a password unless you can see that password. And once something's in Windows managed memory, it can be problematic to scrub it. Needless to say, if a cybercriminal already has access to your device, something like a keylogger would probably be more efficient than dumping memory & analyzing the contents.
keepass[.]info/help/base/security.html#secmemprot
That said, if this issue really bothers you, you could run your password mgmt. software in a clean VM, as long as you didn't enable copy/paste between the VM & host, having only minimal connections between the host & the VM. The new sandbox coming to win10 this Spring [with the version update] should work too... the main difference I can think of is that you can download a VM from Microsoft & run it, whereas the sorta VM the Sandbox uses needs to be created from existing files in win10, & they might already be compromised. Once you can see a password in the VM [or Sandbox], enter it manually wherever you need to, maybe while running something like Key Scrambler.
qfxsoftware[.]com/