It was definitely my stupid fault but the fact is that it introduced a bunch of fragility and less control into password management for me and wasn't a great solution. But it seems increasingly clear to me these days that internet-connected devices are simply unsuitable for anything which requires privacy in any case.
I use LastPass. I just logged in online and can see all my passwords so it doesn't seem terribly secure. If there was key-logging malware on my machine it could have got my master password and hence all my passwords off LastPass. It seems handy for all the crap passwords but I would not want to rely on it for anything that lets people nick money. Unless I'm missing something...
LastPass uses your master password to decrypt your key store client-side. What's stored on their servers is an encrypted blob to which they don't have the key. It is an actual zero-knowledge system.
If there was key-logging software on your machine, you're pooched any way you slice it (since such malware can just snarf decrypted keystores out of memory anyhow). However, with LastPass you can use Google Authenticator or a Yubikey or similar to enforce second-factor logins, so that even if you have malware on your machine, there is a drastically smaller window in which to attack you.
On the upside, you get phishing protection (LP won't fill passwords for sites that don't actually match the site that you've saved passwords against), password duplication detection and strength auditing, notifications of when your passwords may have been compromised by major breaches, secure transport of passwords to other people, and transparent synchronization across devices. It's quite good.
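A sketch of the kind of site-matching check behind the phishing protection mentioned above, as an added example that is not LastPass's code and not part of the original post. The policy (HTTPS only, page host equal to the saved host or a subdomain of it), the function names and the `bank.example` URLs are assumptions made for illustration.

```javascript
// Added example: decide whether a saved login may be autofilled on a page.
// Policy (an assumption, not LastPass's documented rule): HTTPS only, and the
// page host must equal the saved host or be a subdomain of it.

function normalizeHost(host) {
  // Lower-case and drop a trailing root dot ("bank.example." == "bank.example").
  return host.toLowerCase().replace(/\.$/, "");
}

function mayAutofill(savedHost, pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return false; // unparseable URL: never fill
  }
  if (url.protocol !== "https:") return false;

  const saved = normalizeHost(savedHost);
  // url.hostname excludes any "user@" userinfo placed before the real host.
  const page = normalizeHost(url.hostname);
  // A suffix match must fall on a label boundary, hence the leading dot.
  return page === saved || page.endsWith("." + saved);
}

// Constructed sample URLs (hypothetical, not from any real incident).
const SAMPLES = [
  "https://bank.example/login",             // exact host
  "https://login.bank.example/",            // subdomain of the saved host
  "https://BANK.example./",                 // case and trailing dot normalized
  "http://bank.example/login",              // not HTTPS
  "https://bank.example.evil.example/",     // saved host used as a prefix
  "https://evilbank.example/",              // suffix without a label boundary
  "https://bank.example@evil.example/",     // saved host hidden in userinfo
  "https://b\u0430nk.example/",             // Cyrillic "а" look-alike
  "not a url",
];

function checkSamples(savedHost) {
  // Returns [url, decision] pairs so the results can be inspected or logged.
  return SAMPLES.map((u) => [u, mayAutofill(savedHost, u)]);
}
```
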