Excellent advice for generating and maintaining your passwords

I’m personally not comfortable with LastPass because of the small but nonzero risk involved in the service being compromised as it was last year. Granted, making off with the password hints, salts, and authentication hashes still makes for a bit of work on the attacker’s part without the vault, but it still left me with cold feet.

Others have mentioned and I agree: KeePass + Dropbox is great for ease of use and having just a little more control over the vault. Now I only need to remember two passwords: my Dropbox account and the master password for the vault. And then hoping that the NSA doesn’t have an arrangement to be shipped a copy of every *.kdb file every so often. My capacity for extreme paranoia just isn’t what it used to be.

Why two-factor or multi-factor auth isn’t more widely available makes me sad. Too few orgs put a price tag on security until after it bites them in the face.
