Comment Re:KeePass? (Score 1) 114
An attacker would need my LastPass password (which is not, itself, stored in my LastPass vault); my physical YubiKey; and the knowledge to use both in tandem, in order to gain access to my LastPass account.
Yes, because the LastPass website enforces this two-factor scheme.
On the other hand, once it's open on your computer, the entire database is available for RAM-scraping malware to take a peek.
Or to decrypt using only the master password, since, as I understand, it's just the LastPass website that requires the 2-factor before allowing your software to download the DB.