
Is LastPass Secure? What Happens if It Gets Hacked?


Dear Lifehacker,
You recommend LastPass to avoid problems when services get hacked, but what happens if (or when) LastPass gets hacked? Wouldn't that just give hackers access to all of my accounts? Is LastPass safe to use?

Sincerely,
Password Protector

Dear Password,
Your worry is a common one: if LastPass stores all your passwords in the cloud, what's to stop someone from hacking them and then getting into all your other accounts? Thankfully, it's not so simple. Nothing is 100% secure, but we think you can feel safe with LastPass.

First of all, let's remember that LastPass—as a security-focused app—is dedicated to security in a way many services are not. Even when LastPass thought they might have gotten hacked back in 2011, they notified their users immediately, and forced a master password change if you tried to access it from a new computer.

Furthermore, as with any other service, you should be using two-factor authentication with LastPass. If you do, someone with your master password still will not be able to access your account, even in the event of a breach. If you want to take it to the next level, you can put together this awesome thumb drive-based system and enable these features for extra two-factor security.

Lastly, remember that the only secure password is one you can't remember. If you can remember it, it's probably more easily hacked and more easily usable on your other accounts. Using a password manager is still the most secure way to use your accounts, and it makes it very easy to audit and update your passwords when someone does get hacked (which sadly is a common occurrence these days).

If you don't like the idea of storing your passwords in the cloud, there are alternatives, like the awesome KeePass. These keep your data out of the cloud, but make it more difficult to access your passwords on anything but your main computer—which is a huge blow to convenience. Unless, of course, you sync them with Dropbox, which defeats the whole purpose of using a local password manager. And remember, if someone has physical access to your computer, they can still get your password database that way.

At the end of the day, it's up to you to use what makes you feel safe. But remember: nothing is 100% secure. We still think LastPass is the best option around, as long as you use it correctly.

Good luck and stay safe,
Lifehacker

Image remixed from Danomyte (Shutterstock).