Forum name: High-Tech
Topic subject: conditional access policies...but LP's issue was their response (like rjcc said)
Topic URL: http://board.okayplayer.com/okp.php?az=show_topic&forum=11&topic_id=306449&mesg_id=306474
306474, conditional access policies...but LP's issue was their response (like rjcc said)
Posted by nonaime, Sat Feb-11-23 07:41 PM
>When you are in another country trying to access apps that normally work in the USA but ask for further layers of security when abroad.

You can enforce different security controls based on conditions (e.g., someone logs in from a location where they normally don't...boom, captcha and/or force a 2FA challenge)

>Sounds like a cool concept but in the back of my mind I am thinking this type of store all passwords in one place is an accident waiting to happen.

There are risks involved, for sure (but nothing is zero risk...unless you just don't do things on the internet).

Outside of LastPass' fumbling of the incident, these password management platforms really are designed to slow down someone abusing the secrets being stored (hinges, usually, on master password strength and PBKDF2 iteration count). There are captchas and 2FA to slow down unauthorized folks from breaking down the front door. Then there's the key derivation function itself (slows down brute-forcing of passwords)...you'll see an iteration count in settings somewhere in the password manager...the larger, the better...of course, the larger it is, the more it slows you down too (but you aren't trying to guess your password...so it has a much more drastic effect on brute-force attempts)

When it comes to the master passwords, just follow best practices (this isn't from me, this is from the people I follow to do my job...NIST): "Choose a long passphrase for the master password to the password manager and protect it from being stolen. A passphrase can be made sufficiently long to protect against attacks while still allowing memorization." (https://pages.nist.gov/800-63-FAQ/#q-b10)

When it comes to creating / storing passwords, just let the password manager do its thing...you aren't buying yourself anything by adding numbers and other easily guessable patterns to an already long password generated by the password generator.
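As an added illustration of the iteration-count and master-passphrase points in the post above (example code written for this thread, not from any password manager or from the poster): it derives a vault key with PBKDF2-HMAC-SHA256 from a constructed passphrase and salt, times one derivation at a low and a high iteration count to show that every guess, legitimate or not, gets linearly more expensive, and estimates how the size of a random word-based passphrase combines with that cost. The Diceware-style 7776-word list and the attacker core count are assumptions for the estimate, not figures from the post.

```python
import hashlib
import math
import time

# Constructed sample inputs for the demo; not taken from any real vault.
SAMPLE_MASTER_PASSPHRASE = "correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
DICEWARE_WORDLIST_SIZE = 7776  # assumption: a Diceware-style wordlist


def derive_vault_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit vault key with PBKDF2-HMAC-SHA256. `iterations` is the
    'iteration count' setting the post mentions; cost grows linearly with it."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def seconds_per_derivation(iterations: int, rounds: int = 3) -> float:
    """Best-of-`rounds` wall-clock time for one derivation on this machine."""
    best = math.inf
    for _ in range(rounds):
        start = time.perf_counter()
        derive_vault_key(SAMPLE_MASTER_PASSPHRASE, SAMPLE_SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def slowdown_factor(low_iterations: int, high_iterations: int) -> float:
    """How much raising the count multiplies the cost of every single guess
    (the user's one unlock included; the attacker's billions of guesses too)."""
    return high_iterations / low_iterations


def passphrase_guess_space(words: int,
                           wordlist_size: int = DICEWARE_WORDLIST_SIZE) -> int:
    """Candidates to cover for a random `words`-word passphrase from the list."""
    return wordlist_size ** words


def expected_crack_years(words: int, iterations: int,
                         attacker_cores: int = 10_000) -> float:
    """Expected time (half the space) if the attacker had `attacker_cores`
    cores as fast as this one. The core count is an assumption for scale."""
    rate = attacker_cores / seconds_per_derivation(iterations)
    return passphrase_guess_space(words) / 2 / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    low, high = 1_000, 600_000
    t_low, t_high = seconds_per_derivation(low), seconds_per_derivation(high)
    print(f"{low:>8} iterations: {t_low * 1e3:8.2f} ms per unlock or guess")
    print(f"{high:>8} iterations: {t_high * 1e3:8.2f} ms per unlock or guess")
    print(f"expected slowdown {slowdown_factor(low, high):.0f}x, "
          f"measured {t_high / t_low:.0f}x")
    for words in (3, 4, 6):
        print(f"{words}-word passphrase at {high} iterations: "
              f"~{expected_crack_years(words, high):.1e} years")
```

The user pays the higher cost once per unlock; an attacker pays it once per candidate passphrase, which is why the post says the count hits brute-force attempts far harder than it hits you.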