Depends on where your workstation is. If somebody breaks into my house and is in my office 10ft from where I sleep, them seeing my passwords is the least of my concerns.
FWIW, I do use a password manager. But writing things down offline isn’t that bad, depending on the situation.
It sounds to me like you weren’t the only person the company was screwing with. Once everybody started comparing notes, that company was dead in the water.
Hit the nail on the head. Elon and spez don’t need to keep anywhere close to all their users for this to be a success. From a business perspective, they could lose a quarter of their users and still come out stronger if it means they’ve monetized the rest. Then add in the additional bonus of getting rid of all your ideological, principled troublemakers, leaving you with a platform full of high quality, addicted users that are easy to take advantage of. I don’t like it, but it really is a sensible strategy from a monetization perspective.
The problem was that they were grandfathering existing users without notification every time they increased their PBKDF2 iterations. I think the current recommendation is 100,100 iterations, and LastPass was implementing that for new users. But it wasn’t updating that for existing users, resulting in some having as few as 5000 iterations, making that user’s encrypted data much easier to crack. You could change the iterations in the settings, but that required knowing that you needed to do this, and LastPass should have either changed it automatically or notified users that they needed to change it.
I was paying LastPass to be the security expert so I didn’t have to learn all the ins and outs of data encryption, and they failed at that task.