In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…

  • Zeron@lemmy.world
    1 year ago

    And this is why you don’t want cloud-based password storage systems. If you want to use a password manager, use something entirely local like KeePassXC. The database it creates is so small you could fit it on a floppy so it’s immensely portable.

    • SkyeStarfall@lemmy.blahaj.zone
      1 year ago

      Cloud-based systems can be perfectly sound. You can read how other managers do it, which are also audited by security experts. It’s just LastPass being bad.

      And sure, local can be more secure, but you’re then at higher risk of losing access to it, should the worst happen.

    • ExcessiveAardvark@lemmy.world
      1 year ago

      The problem is more that LastPass’ system is bad. 1Password (and probably others) mitigate a possible hack by having the keyring encrypted by something in addition to the password.
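
The mitigation mentioned in the last comment, a vault key that depends on the password plus a second secret held only on the user's devices, sketched as an added example that is not part of the thread and is not 1Password's or any vendor's actual code. The function names, the XOR-combining construction, the MAC used as a stand-in for decryption, and all sample values are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed value for this example

def password_key(password: str, salt: bytes) -> bytes:
    """Key derived from the master password alone."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def two_secret_key(password: str, device_secret: bytes, salt: bytes) -> bytes:
    """Key derived from the password AND a random secret kept only on the user's devices."""
    stretched = hmac.new(salt, device_secret, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(password_key(password, salt), stretched))

def vault_tag(key: bytes, vault: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': a MAC over the stored blob."""
    return hmac.new(key, vault, hashlib.sha256).digest()

def password_confirmed_by(candidates, salt, vault, tag, device_secret=None):
    """Return the candidate password that the stored copy confirms, or None."""
    for pw in candidates:
        key = (password_key(pw, salt) if device_secret is None
               else two_secret_key(pw, device_secret, salt))
        if hmac.compare_digest(vault_tag(key, vault), tag):
            return pw
    return None

def demo():
    salt = b"constructed-salt"            # constructed sample values
    vault = b"constructed vault blob"
    password = "correct horse"
    candidates = ["123456", "hunter2", "correct horse"]
    device_secret = secrets.token_bytes(16)  # 128 random bits, never sent to the server

    tag_a = vault_tag(password_key(password, salt), vault)
    tag_b = vault_tag(two_secret_key(password, device_secret, salt), vault)
    return (
        # Password-only design: the server-side copy alone confirms a weak password.
        password_confirmed_by(candidates, salt, vault, tag_a),
        # Two-secret design, device secret unknown: no candidate can be confirmed.
        password_confirmed_by(candidates, salt, vault, tag_b, device_secret=bytes(16)),
        # Two-secret design on the legitimate device: unlocks normally.
        password_confirmed_by(candidates, salt, vault, tag_b, device_secret=device_secret),
    )

if __name__ == "__main__":
    print(demo())
```

With the second secret mixed in, the strength of the stored copy no longer rests on the user's password choice alone, which is the property the comment points to.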