
Well LastPass has had a breach now twice but the integrity of their password database is still holding strong. If you're using Dropbox to share your password database, LastPass having a breach shouldn't be of any concern. I'm fairly certain Dropbox has been broken into more times than LastPass ever will be.

As someone who works in the security industry, I use LastPass and recommend it to everyone. It's no less safe than anything else + Dropbox (I really recommend against using Dropbox... use something like SpiderOak. Dropbox is not meant to be a secure file store) and the convenience is outstanding. Convenient security that everyone uses is much better than inconvenient security that no one uses. And something + Dropbox is pretty inconvenient once you're used to LastPass.




"I'm fairly certain Dropbox has been broken into more times than LastPass ever will be."

Really? Why is that?


Well for one, they already have been broken into. Also they have a member of the board who strongly supports the NSA wiretap program and has very close ties to the highest levels of government.

https://en.wikipedia.org/wiki/Condoleezza_Rice#Criticism_of_...


The way I see it, the downside of LastPass is that it's online, so they could, at the request of some government or in the case of a hack, change the code that you execute to capture your master password or do whatever.

This obviously can be done with offline software too, but it's a much harder/slower process.

Also, I don't quite understand the point of encrypting your database in Dropbox. It's already encrypted. The problem is that someone could monitor how your encrypted file is changing and that way simplify decryption. And that doesn't change even if you use encfs. Unless the point of it is to hide that you have a password db in Dropbox.


How would that happen with 2FA set up? Even if they have your master password, how do they copy your Authenticator code or YubiKey or whatever else you might use?

I see people struggle with offline password managers to the point where they never use them or they get burned once because they're somewhere without access to their database and they stop using them. LastPass alleviates all of that. People make the same claims about TouchID (it's not secure, look at these theoretical bypasses, etc) but the fact is (which I thought I pointed out earlier) that convenient security is better than no security and no security is what you're going to get.

You think the government can't download things from your Dropbox and you think they can't decrypt your database? We know better now. The fear of "what if the government does" is completely gone. Even if they can't get to your password, they'll just go straight to Google or worst case scenario, straight to AT&T. The difference between encrypting like SpiderOak vs uploading an encrypted file like DropBox is that DropBox can hand over your password database to anyone they want to give it to. SpiderOak can't. You don't need to try to hide the fact that you have a password database, no one can tell in the first place. Security through obscurity isn't no security, it's just poor security and poor security is better than nothing (and far better when combined with good security).

You're using a password manager to keep your accounts safe from petty criminals and identity thieves, not from APTs or shady governments. And if you're using DropBox, the government probably already has it. I guess you'd have to ask Condoleezza Rice about that.

Use whatever you want, everyone has different needs and opinions. But I will continue recommending LastPass (and at the very least, strongly recommending against whatever + DropBox). Like I said, it's no less secure than whatever + DropBox. But it's a heck of a lot more convenient.


I am less worried about NSA attacks on my LastPass. To be honest, they could get somebody into my house and attack my computer directly.

If the NSA wanted info from you, they have out-of-channel attacks that can get things more directly. I may have a 20 character password on my Gmail, but Google can hand all that data over.


Well, Dropbox is excellent and secure in combination with Encfs.


Encfs didn't survive its security audit very well: https://defuse.ca/audits/encfs.htm (I don't know how much it has improved since then, though)



