[zlapper]

I use lastpass, it's a great product.

[dwj]

Doesnt seem a great idea. When it gets hacked they get all your passwords.

[abraham]

LastPass encrypts all of the passwords client side. Assuming you use a strong enough passphrase it shouldn't matter if LastPass gets hacked.

[dwj]

Twitter uses bcrypt, so in theory this hack should also be nothing to worry about.

[Groxx]

is there an alternative where this is not the case?

[dwj]

My own solution is to have two different passwords for everything - one for banking and credit cards, another for crap like twitter/linkedin. I haven't changed my passwords for years (no point really, as you're likely to have the breaking as soon as they get your password).

I think there are risks with all solutions to the password problem.