by maibus2 2633 days ago
Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of LastPass users have weak, easily guessable master passwords.

The ironic thing here is randomly generated passwords produced by a password manager are highly likely to be more secure than the password that protects the password vault itself.

1 comments

> Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of LastPass users have weak, easily guessable master passwords.

Indeed. Which is in part why we developed the Secret Key. Even if someone chooses a relatively weak Master Password and all of the data were stolen from our servers, cracking even just a single password of a single user via brute force would be implausible. The effort-to-reward ratio is very high (perhaps insurmountably so) on the effort side.

Full disclosure: I work for 1Password.