Lots of people, perhaps the majority, still use master passwords that don't have a ton of entropy. For example, the bad guys that stole the LastPass vaults have definitely cracked a lot of the vaults that were protected with weaker master passwords.
1Password's approach is definitely the right one here, where the master key is basically a combination of the user's master password and a random 128 bit (I think it's 128) value, which does make cracking impossible. The user has to print out this value so that if they need to sign in on a new device that they can enter the value, so it adds a little friction, but 1P has the right idea that humans just can't be relied upon to generate and memorize high entropy strings, in general.
I’d bet (though in all fairness, only a low amount ;)) the intersection between a user that has both a weak master password and attackers willing to spend a ton to rent a GPU farm is pretty low, though.
My guess is that most people who have high value passwords also have weak passwords. CEOs and CFOs can probably authorize huge financial transactions with little oversight and tend to be security illiterate.
1Password's approach is definitely the right one here, where the master key is basically a combination of the user's master password and a random 128 bit (I think it's 128) value, which does make cracking impossible. The user has to print out this value so that if they need to sign in on a new device that they can enter the value, so it adds a little friction, but 1P has the right idea that humans just can't be relied upon to generate and memorize high entropy strings, in general.