>I much prefer the security of being in control of my file, and having its online option controlled by someone else (Dropbox); and logging into Dropbox to then see my passwords 'online' on the go.
You can't even do that. You have to install a local client. Download the file, open it in your new client, edit it, manually reupload it. If you don't want to use the on-web LastPass vault, then don't, but it's still doing local decryption and you can still used the signed Chrome extensions to carry out ops if you don't trust LastPass.com proper.
>If Lastpass.com is compromised, the attacker can MitM compromise my credentials.
Which part of "local, client-side encryption" is confusing?
edit: 1PassAnywhere is the exact same thing as what LastPass is doing with it's LastPass.com-served Vault.
edit2: There's even multifactor auth available for it and the Online Vault feature.
You can't even do that. You have to install a local client. Download the file, open it in your new client, edit it, manually reupload it. If you don't want to use the on-web LastPass vault, then don't, but it's still doing local decryption and you can still used the signed Chrome extensions to carry out ops if you don't trust LastPass.com proper.
>If Lastpass.com is compromised, the attacker can MitM compromise my credentials.
Which part of "local, client-side encryption" is confusing?
edit: 1PassAnywhere is the exact same thing as what LastPass is doing with it's LastPass.com-served Vault.
edit2: There's even multifactor auth available for it and the Online Vault feature.