Because password managers store their passwords behind pretty sturdy encryption, and they require a master password that you can usually more easily remember and keep complex without too much issue.

Then when they go to do inputs and auto-fills they can sanitize the inputs in such a way that keyloggers can’t just skim their input easily.

They also do things like prompt you to change passwords to something new with different capitalization, symbols, numbers, etc. So that it’s easier to practice good data security with keeping your passwords unique to each service.

Now, they do create a single point of failure, but that point of failure is pretty sturdy as I’ve stated. It also typically requires you to have someone getting access to the system in question in person rather than remotely.