While I agree with the premise, the article seems to slightly overstate the case of hackability. For example, I don’t think that LastPass is in the same class as say, Clipperz.is, which encrypts the data stored, AND the only way in is with user ID + login phrase (and if you lose your login phrase, you’re lost). Correct me if I’m wrong, but I think the Clipperz model is by far the safest of the non-biometric models. On top of that, I never store my entire password, just a hash of it which I know is adequate to trigger my memory of what it is.