cleverwise
Elio Aficionado
Lastpass is no less secure than a Keepass DB stored via dropbox. Properly implemented with 2 factor auth both are only a very small step down from a locally stored Keepass DB. Keepass on a usb key is great IF you have the ability to mount USB drives on all the machines you log in on.(I unfortunately don't always have that luxury with my work environment)
Lastpass also only stores an encrypted DB of the users passwords that is encrypted/decrypted client side upon login/logout. They never have the decryption key, nor is it transmitted to them so they can't leak it.
That is only partially true. For starters you don't have to upload the Keepass information to the cloud. So in that situation Keepass is far safer. However in the case of uploading to say dropbox it is obviously more at risk. Still even in this environment the risk weight isn't the same.
Which is far more likely to be targeted? A dropbox account or LastPass with username and passwords? True the dropbox service could be compromised but there is some safety in numbers. LastPass is nothing but secure data. Also you can easily hide your Keepass file among 100's or 1000's of other files and give it a boring name.
I also question LastPass' mobile application security as many mobile apps fail big time in security. Theirs might not but it raises serious questions.
A few months ago LastPass had to security flaws:
http://techcrunch.com/2014/07/11/la...d-manager-doesnt-think-anyone-exploited-them/
Minor? Perhaps but when storing extremely valuable information it raises concern. LastPass is a personal choice, obviously.