Andy "Krazy" Glew is a computer architect, a long time poster on comp.arch ... and an evangelist of collaboration tools such as wikis, calendars, blogs, etc. Plus an occasional commentator on politics, taxes, and policy. Particularly the politics of multi-ethnic societies such as Quebec, my birthplace. Photo credit: http://docs.google.com/View?id=dcxddbtr_23cg5thdfj
Wednesday, March 05, 2014
Byzantine Password Managers
Password managers like LastPass (https://lastpass.com/) - convenient. But risky.
ISO a Byzantine password management system. No single password manager storing the actual passwords.
Instead, if Byzantine-3, then any 2 have enough information to obtain stored passwords in plaintext, but no single password manager does.
Probably requires a JavaScript client that accesses each of the Byzantine set, and combines their responses.
What does this protect against?
=> Having one (or a few) of the Byzantine set hacked. But not having a quorum hacked.
=> The bad guys who hacked a sub-quorum do not have the ability to log in.
=> The bad guys cannot DOS you by giving you bogus data.
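What the "any 2 of 3" split looks like in code, as an added example (not from the post, and not any password manager's actual implementation): Shamir secret sharing over a prime field, with each manager holding one share. It demonstrates the three claims above. Any two shares recover the password; a single share is consistent with every possible password (the example builds the "companion" share that would make any guessed password come out); and a client that collects more shares than the threshold can cross-check them. One caveat the post glosses over: with 2-of-3 and one server lying, the three pairwise reconstructions disagree, so the bogus data is detected, but the client cannot tell which server lied without a fourth share. Going beyond the post, `recover_with_check` shows a 2-of-4 split pinning the liar down by majority. Function names and the 0x01 length-padding byte are choices made here for the example.

```python
"""Added example, not code from the post: a threshold ("Byzantine") split of a
stored password using Shamir secret sharing over a prime field."""
import secrets
from itertools import combinations
from typing import Dict, List, Optional, Tuple

# 2**521 - 1 is a Mersenne prime; padded secrets of up to 64 bytes fit below it.
PRIME = 2**521 - 1
Share = Tuple[int, int]  # (x, y): a point on the random sharing polynomial


def _encode(secret: bytes) -> int:
    # A leading 0x01 byte preserves the length (and any leading zero bytes).
    if len(secret) > 64:
        raise ValueError("secret too long for this field")
    return int.from_bytes(b"\x01" + secret, "big")


def _decode(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 0x01:
        raise ValueError("reconstructed value is not a padded secret")
    return raw[1:]


def _eval_poly(coeffs: List[int], x: int) -> int:
    # Horner's rule; coeffs[0] is the constant term, i.e. the secret.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, n: int) -> List[Share]:
    """Produce n shares of which any `threshold` reconstruct the secret."""
    if not 1 <= threshold <= n < PRIME:
        raise ValueError("need 1 <= threshold <= n")
    coeffs = [_encode(secret)] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def _interpolate_at_zero(shares: List[Share]) -> int:
    # Lagrange interpolation evaluated at x = 0 gives the constant term.
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares: List[Share]) -> bytes:
    """Recover the secret from exactly `threshold` honest shares."""
    return _decode(_interpolate_at_zero(shares))


def companion_share_for(share: Share, candidate: bytes, x: int) -> Share:
    """Given ONE share of a 2-of-n split, build the share at position x that
    makes the pair reconstruct `candidate`. Every candidate works, which is
    why a single compromised manager learns nothing about the password."""
    x1, y1 = share
    s = _encode(candidate)
    slope = (y1 - s) * pow(x1, -1, PRIME) % PRIME
    return (x, (s + slope * x) % PRIME)


def recover_with_check(shares: List[Share], threshold: int) -> Tuple[Optional[bytes], List[int]]:
    """Reconstruct from every threshold-sized subset and compare the results.
    Returns (secret, suspects): the value most subsets agree on (None when no
    value has a clear majority) and the indices of shares in no agreeing
    subset. With n == threshold + 1 a bogus share is detected but cannot be
    attributed; n >= threshold + 2 identifies it."""
    tally: Dict[int, List[Tuple[int, ...]]] = {}
    for combo in combinations(range(len(shares)), threshold):
        value = _interpolate_at_zero([shares[i] for i in combo])
        tally.setdefault(value, []).append(combo)
    ranked = sorted(tally.items(), key=lambda kv: len(kv[1]), reverse=True)
    if len(ranked) == 1:
        return _decode(ranked[0][0]), []
    if len(ranked[0][1]) == len(ranked[1][1]):
        return None, list(range(len(shares)))  # disagreement, no majority
    winner, combos = ranked[0]
    trusted = set().union(*combos)
    return _decode(winner), sorted(set(range(len(shares))) - trusted)
```

Usage follows the post's scenario: `split_secret(pw, 2, 3)` hands one share to each of three managers, the client calls `recover_secret` on any two, and `recover_with_check(shares, 2)` on all three reports `(None, [0, 1, 2])` if one of them returned garbage. The field arithmetic is the whole story here; the hard part in practice, which the code does not address, is authenticating the client to three independent services and keeping the reconstructed plaintext out of the browser's reach.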
What does it not protect against?
X=> doesn't protect against the most likely security flaw: having the user computer, e.g. web browser, hacked.
Wait... about that...
?=> Two+ factor. Clients running on two or more devices, e.g. PC and cell phone. No client knows the actual password?
Unfortunately, this would require the folks who require passwords to get involved. Beyond 2 factor.
"Dynamic two factor"?
(But I guess this is what the security amulet idea is all about.)