Yup. We can't get them to hold their own passwords though and plenty argue users handling their own passwords is often less secure than a custodial password solution. At least you can often change a password. IDK the answer for normies yet, for now I think self-hosted is the answer which is why Im slowly working on noscrypt and NVault.