I don't know what you mean by insufficient protection, but as I said proper E2EE implementation provides sufficient protection. A symmetric encryption scheme that satisfies IND-CCA2 with a high entropy key is infeasible to decrypt without knowledge of the key. This is well understood basics of cryptography. LastPass failed at the high entropy key part / slow password hash, but also leaking metadata in plaintext. Pretty much other password managers don't have this issue, both local and cloud based.