My point was that putting your password database "in the cloud" is a bad idea. Nothing more than that.
Actually it's a brilliant idea, as long as the encryption is strong enough.
There's no way for a normal person to determine if an encryption implementation is any good or not, so the only way to keep your passwords reasonably private is to not put them in that leaky sieve of online storage.
A "normal" person uses '12345', 'password' and the name of her dog as passwords. A "normal" person doesn't know and doesn't care about the implications of any of that. However, if you do use "good" passwords, chances are that you're also able to educate yourself enough about encryption to make - at least - an educated guess about the strength of an encryption scheme.
Any random employee, hacker, or government could have access to your files there and you wouldn't know it. Hell, a Dropbox admin could have a script that just scans their entire storage for known-weak password database files and you wouldn't hear about it until the breach surfaced.
In most companies not "any random employee" can access all data. Not even all company data, let alone customer data. But let's assume the malicious Dropbox admin scans their entire storage for known-weak password databases...
1. how does he know them? by research... something you could do as well before using something
2. how does he identify them? by file extension? by file header?
3. how does he collect the MASSIVE amount of results (we're probably talking tens of terabytes at least)? On an external hard drive or something like that? would there be anything more suspicious for him to do?
4. what does he do with the data then? sell it? no, he has to break it open first... which isn't free either
5. why would he want YOUR data? is it really THAT interesting? and if you've access to valuable business data, so does your manager who probably doesn't care or know as much about password security and is therefore the weaker link and a better target for an attack
also: if the government wants your data, especially if you live in the Commonwealth, then you're screwed anyway... you won't outsmart the NSA unfortunately
Treating any cloud services as remotely private is insane.
Seeing threats everywhere and thinking that one's own data is so damn special to anybody that it would be worth the effort of breaking a strong encryption is even more insane
People put "password protected" zip files and Word documents and PDFs and such on Dropbox not knowing that the protection is junk, and most people here would scoff at the idea that they're safe.
I use the built-in OS's keychains and password managers. They're "encrypted", but I wouldn't put them online. I transfer them between computers using a USB drive when I need to. It's not that big of a pain and I'm not paranoid enough to think that people are actively trying to break into my specific computer to steal my passwords.
That is as safe as putting "password protected" zip files online, really... if someone wants YOUR specific passwords, it should be easy enough to get someone to steal your computer... easier than breaking into servers of big cloud providers... and the encryption on your computer would probably be easier to crack than the encryption of the data in the LastPass cloud for example
having something physically near you doesn't make it safer... quite the opposite is the case
that said: I go with LastPass... it's as secure as it gets right now... apart from actually memorizing all your passwords... I'd be more paranoid about laced shoes... loose laces pose REAL danger, you know... also it's more likely to get robbed on the streets or run over by a car than someone stealing your passwords from the LastPass servers...
however: you can be as paranoid as you want but I hope you use an adblocker or your "my passwords are only stored in the OS's password manager" strategy (or any other strategy apart from having an always-offline device where you put and read passwords manually) is pretty much useless anyway...