The design flaws of these systems are the fact that they are terrible at changing passwords, dealing with the arbitrary password requirements of many sites, and dealing with the fact that many sites require the storage of additional secrets for practical use that cannot be generated. (eg. secondary passwords or pin codes for privileged operations within the application, mandatory security questions, etc)
