Do a search on "LastPass breaches" to see the problem. Put simply, LastPass has demonstrated that its security infrastructure — both software and DevOps — is not robust enough to warrant trust.

Moreover, its management appears substantially more interested in minimising negative publicity than ensuring client safety. In short, LastPass cannot and should not be entrusted with your passwords. I used them for over a decade, but have now moved to the open-source BitWarden.

It was a suprisingly smooth transfer, apart from having to change all the passwords that LastPass's breaches compromised.