by WXLCKNO 536 days ago
After seeing people lose cryptocurrency first hand through the LastPass leaks (hot wallet seed phrases, which is still stupid to have online but..), I really feel like the odds of a leak being the cause of any issues are higher than a bad password, for tech savvy security conscious users at least.

Wasn't that because they had backed up their password vaults to LastPass' cloud service?

I use KeePass, never upgrade it, and only back it up to my own cold spinning drives. If malware stole my local vault I'd be in trouble, but it's more convenient than keeping my passwords on paper.

LastPass is inherently a SaaS, right? There is no ability to use it without syncing your vault to their servers.
Maybe Bitwarden would be the better alternative, as it's OSS?

https://github.com/bitwarden

Part of why I avoid password managers that use their own cloud system. Storing my vault in a regular cloud database, not a password-specific one, to me makes it much less likely my vault will be compromised.
Not criticizing, but I'd rather not have it in the Cloud at all.
> After seeing people lose cryptocurrency first hand through the LastPass leaks

The reason for those losses was partially that LastPass was encrypting with extremely low iterations on long-standing accounts (it also may not have helped that they didn't encrypt URLs either). That was a terrible practice which isn't duplicated by credible alternatives.

As a matter of opinion you may still be right, though personally I consider the risks of a bad password to be higher than a leak purely because without a password manager making it simple to use long random passwords most do tend to be bad ones (duplicated/short/guessable/engineerable) as those are the only ones that are memorable.

It's the usual trade-off between security and usability, with the perfect being the enemy of the good, especially in regard to pushing less technical users to solutions which may not be ideal but are still much safer.
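Added illustration of the "extremely low iterations" point above; this is example code written for this page, not from any commenter, LastPass, KeePass or Bitwarden. It assumes a hypothetical vault that derives its encryption key with PBKDF2-HMAC-SHA256 from the master password, and the iteration counts used (1, 5,000, 600,000) are assumptions chosen to show the scale of the difference, not figures taken from the thread. The audit function is the check a practitioner would want: flag any vault whose configured work factor is below a minimum, and report how much cheaper each guess is against it.

```python
import hashlib
import time

# Assumed iteration counts for the example (not figures from the thread):
# a very old account, a legacy default, and a modern minimum for
# PBKDF2-HMAC-SHA256.
ITERATIONS_VERY_OLD = 1
ITERATIONS_LEGACY_DEFAULT = 5_000
ITERATIONS_MODERN_MINIMUM = 600_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte vault key with PBKDF2-HMAC-SHA256.

    Hypothetical vault scheme: the salt is stored with the vault, the
    iteration count is the work factor an attacker must repeat per guess.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def relative_guess_cost(old_iterations: int, new_iterations: int) -> float:
    """How many times more work each password guess costs at new vs old.

    PBKDF2 cost is linear in the iteration count, so this is the ratio.
    """
    return new_iterations / old_iterations


def kdf_meets_policy(iterations: int, minimum: int = ITERATIONS_MODERN_MINIMUM) -> bool:
    """True if the configured work factor is at or above the policy minimum."""
    return iterations >= minimum


def measure_derivation_seconds(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for one derivation on this machine.

    A defender's quick way to see what one guess costs at a given setting.
    """
    salt = b"constructed-salt"  # constructed sample salt
    best = float("inf")
    for _ in range(samples):
        t0 = time.perf_counter()
        derive_vault_key("correct horse battery staple", salt, iterations)
        best = min(best, time.perf_counter() - t0)
    return best


def audit_vaults(vaults: list[dict], minimum: int = ITERATIONS_MODERN_MINIMUM) -> list[str]:
    """Return one finding per vault whose KDF setting is below the minimum.

    `vaults` is a list of {"name": str, "iterations": int} records, such
    as an export of account settings.
    """
    findings = []
    for v in vaults:
        if not kdf_meets_policy(v["iterations"], minimum):
            factor = relative_guess_cost(v["iterations"], minimum)
            findings.append(
                f"{v['name']}: {v['iterations']} iterations; each guess is "
                f"{factor:,.0f}x cheaper than at the {minimum:,} minimum"
            )
    return findings


# Constructed sample of three vault records for a stand-alone run.
SAMPLE_VAULTS = [
    {"name": "account-2011", "iterations": ITERATIONS_VERY_OLD},
    {"name": "account-2016", "iterations": ITERATIONS_LEGACY_DEFAULT},
    {"name": "account-2023", "iterations": ITERATIONS_MODERN_MINIMUM},
]

if __name__ == "__main__":
    for line in audit_vaults(SAMPLE_VAULTS):
        print(line)
    for n in (ITERATIONS_VERY_OLD, ITERATIONS_LEGACY_DEFAULT, ITERATIONS_MODERN_MINIMUM):
        print(f"{n:>8} iterations: {measure_derivation_seconds(n) * 1000:.2f} ms per derivation")
```

The timing function only shows the cost on one CPU; the point of the iteration count is that an attacker with the leaked vault can run the same derivation offline on hardware of their choosing, so the ratio reported by the audit is the stable number to reason about. It is also why a strong, unique master password and a high work factor are complementary rather than alternatives: the work factor multiplies the cost of every guess, while password strength sets how many guesses are needed.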