very bad idea Rated 1 out of 5 stars
People who use this must be insane. Even if LastPass only gets the encrypted data on their servers, what if an attack on AES is discovered that weakens the algorithm or even breaks it?
All your passwords will be compromised.
Let's run that scenario out
Let's say that someone figures out a theoretical attack on AES -- would it be practical? Almost certainly not, but let's pretend it was practical too for the sake of argument.
LastPass would be working to provide new encryption algorithms to choose from, not exploit a hole with our existing algorithm -- your data is still protected by LastPass, even if you suddenly have to worry about a rogue LastPass employee. You'd have plenty of time to react as well: it might mean you'd want to change the passwords of your most sensitive accounts, but only if you don't trust LastPass employees.
LastPass has done everything we can to avoid the liability of having an employee or anyone have access to your sensitive data and we'll continue to do so.
There are plenty of other businesses that employ this model with arguably more sensitive information: online backup providers.
Is every online backup provider (which uses the same exact encryption algorithm as LastPass with typically _weaker keys_) a very bad idea too? No, that's a billion-dollar industry, and a very good idea.