[Gustomaximus]

Isn't there greater risk in using these than my method?

My logic: If one of these solutions e.g. LastPass is compromised then I am compromised across all sites. They may even bypass 2 factor authentication that goes via my email/messaging. Whereas using my method if one website gets hacked then I only give access to a segment. If it is worst case and a financial site is compromised they still don't have the password for accounts where they could see any 2-factor authentication messages. Does that make sense or am I missing something?

[voxic11]

You are missing something, LastPass and other password services don't actually store your information in any way they can read them. What they do is store the password information as a encrypted blob and the public key derived from your password. When you "log in" you actually are running the key derivation function on your password locally then signing a message with your private key and sending that to Lastpass. When they receive the signed message they check it against your public key and if it passes they send you your password information. Which you then decrypt clientside. So anyone who compromises lastpass gets nothing except a bunch of encrypted blobs and public keys. The only way to get at your lastpass information is to retrieve the unencrypted copy off your computers memory, but if a hacker can do that they can just steal your passwords as your type them in anyways.

[mhaymo]

KeePass is just an encrypted database stored on your machine. If it's compromised, your machine is compromised, so you're screwed either way. Meanwhile, if any of many online services you use are compromised (and some inevitably will be), you have minimised the cost of that.