Hacker News
by harryf 2342 days ago
Not the OP and personally less radically against cloud-based services... But storing something as critical as passwords with a SAAS company which is obviously going to be target of attack and may or may not have the engineering resources to provide a reliable quality of service... seems like a bad idea.

Google (Drive) at least I trust to have the engineering resources to keep data secure, perhaps not from government secret services but at least random hackers


They don't really store your passwords, just an encrypted blob that's openable with your master password (more accurately, a key that is derived from it using an expensive operation so that brute-forcing is unfeasible.)

You do need to trust them enough that they will never sniff your master password (AFAIK even the web vault is local only) but e.g. the command-line client is open source, so you can at least verify their protocol.

That said, I might switch to bitwarden at some point purely because it can be self-hosted.
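
The comment above describes the vault model in prose: the service holds only an encrypted blob plus a login verifier, and the key that opens the blob is derived on the client from the master password with a deliberately slow KDF. The following is an added example, not the product's own code or the commenter's, sketching that model end to end. It assumes PBKDF2-HMAC-SHA256 as the expensive derivation, the account e-mail as the KDF salt, and (only so it runs on the standard library) an HMAC-SHA256 counter-mode keystream with a separate HMAC tag as a stand-in for a real authenticated cipher such as AES-GCM. Names, iteration count and sample vault contents are all constructed for the example.

```python
"""Toy 'zero-knowledge' vault: the server receives an auth hash and a
ciphertext blob; the vault key never leaves the client. Added example,
not any product's code."""
import hashlib
import hmac
import os
import struct

KDF_ITERATIONS = 600_000  # assumption: a work factor that makes guessing expensive


def derive_master_key(master_password: str, salt: bytes,
                      iterations: int = KDF_ITERATIONS) -> bytes:
    """Client side: stretch the master password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def auth_hash(master_key: bytes, master_password: str) -> bytes:
    """One further one-way step yields the value sent at login. The server
    can store and compare it but cannot recover master_key from it."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(),
                               1, dklen=32)


def _subkeys(master_key: bytes):
    """Separate encryption and MAC keys so neither role reuses the other's key."""
    enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real stream/AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_vault(master_key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag, the only thing the server ever stores."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(master_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong master password (wrong key) fails here."""
    enc_key, mac_key = _subkeys(master_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo(master_password: str = "correct horse battery staple",
         email: str = "user@example.com",
         vault: bytes = b'{"example.org": "constructed-sample-secret"}',
         iterations: int = KDF_ITERATIONS) -> bool:
    """Runs the client/server split and reports whether the model holds:
    right password opens the blob, a wrong one does not, and the server
    record contains neither the key nor the plaintext."""
    mk = derive_master_key(master_password, email.encode(), iterations)
    server_record = {
        "login_verifier": hashlib.sha256(auth_hash(mk, master_password)).digest(),
        "blob": encrypt_vault(mk, vault),
    }
    opened = decrypt_vault(mk, server_record["blob"]) == vault
    try:
        decrypt_vault(derive_master_key("guess", email.encode(), iterations),
                      server_record["blob"])
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    leaked = mk in server_record.values() or vault in server_record["blob"]
    return opened and wrong_rejected and not leaked


if __name__ == "__main__":
    print("model holds:", demo())
```

The point the commenter makes lives in `auth_hash` and `encrypt_vault`: the value the server keeps for login is one-way, and the blob is useless without `master_key`, so a breach of the service yields ciphertext plus a verifier that still has to be brute-forced through the slow KDF. The trust assumption the comment names is the client code itself, which is why an auditable open-source client matters in this model.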

I just don't want to store my passwords in exactly the same way everyone else does. I'm not a high value target, so my threat model is a 3rd party getting screwed / screwing us. Just a little bit of customization should be enough to throw off whatever tools attackers will build to mass harvest.
It depends on what plan you are on. Afaik, the enterprise plans have key escrow and an option to recover your account if you forget your password.