by tokenizerrr 4355 days ago
I really want to like LastPass, but I can't get over all of my passwords being stored on someone else's server. Doesn't that seem like a terrible security risk?
3 comments

The LastPass vulnerabilities affected only bookmarklets (used by less than 1% of LP users, according to LP) and OTPs (no estimates for use).

I've been using LP for over a year, didn't know either feature existed until the disclosure: I use it strictly for its main capability, encrypted and unique site passwords.

The data is decrypted client side only. The server only stores an encrypted version that you send via SSL.

I'm a big fan of KeePassX, which you can easily store locally or sync via Dropbox.