Still better than a password-protected MS Office document!
This is a good wake-up call to those of us who use password managers. The password manager is only as secure as the system it runs on.
So, when deciding whether to use a web-based or local password manager you have to assess whether your machine or the web company is more likely to be compromised. It is a hard call: the web company have a lot more resources available to protect things, but is a MUCH more valuable target so is under lots of threats; I am careful on my machines but some of them are likely to have significant zero-day vulnerabilities (such as phones).
It is certainly a reminder to make sure you separate information into separate databases as much as possible, possibly on different systems/services. Certainly keep really critical passwords (personal bank account, maybe domain administrator account) either in your head or, at least, in small databases, so it is less likely you have opened them before you discover the machine/service has been compromised.
Biting the hand that feeds IT
