
I think the biggest problem with their new sign-in which most people are having is that it is more time consuming, i.e. two steps means clicking the sign-in button twice, waiting for transition between pages.

Secondly, it breaks almost all password managers including Lastpass, and it breaks a lot of extensions like these[1]

[1] https://chrome.google.com/webstore/detail/quick-login-for-go...



Would Google consider breaking Lastpass a bug or a feature?


I don't know how they could consider it a feature. If someone is using lastpass, that person is probably many times more security-conscious than their average user.


Couldn't you also, just as fairly, interpret the use of any "single password to lock up all my other passwords" as somehow less security-conscious?


No, because without Lastpass, users use the same password everywhere, or use trivially crackable passwords.


That is a sweeping generalization about the security habits of non-users of Lastpass. My point is that security-consciousness does not necessarily go hand in hand with using a password management system. If someone gets into your single point of truth, they not only have all your passwords, they know about all your other accounts after - needing only to break into just one of them.


It's about risks and exposure. If it was reasonable for people to have randomly generated, unique, memorable, passwords for every account (also change them periodically and after database "leaks"), then we wouldn't have a need for password managers.

Odds are, people compromise on many or all of those things (even smart or meticulous ones). What you sacrifice with a password manager is a single point of failure. Although, that's a bit dire, generally (and arduously) you could reset those passwords one-by-one if you lost your master password and/or database.

What I like though is that the exposure of your master password is controlled by you and limited between your keyboard and the application (and the various few things in between; the OS, perhaps RAM, etc). This is usually a lot more narrow than the path your passwords usually take (your browser, http, their server). Because it's a single password (and I'm not limited to a site's stupid max character or other constraints), I can make it as obnoxiously long as I'd like--and I don't have to try 3 or 4 obnoxiously long passwords because I can't remember if I typed the wrong one or if I typoed the right one until I get locked out of that website.

Like I alluded to earlier, I also like knowing how long ago I changed my password, what it used to be (in case my db is updated and I didn't quite change my password like I thought I did), unsecure or duplicate passwords (as I migrate them over), or if there has been a database compromise on their end and I though update my password. I'm kind of surprised nobody has released features to automatically change passwords on specific sites.


It's not a generalization but the absolute truth about all people who don't use password managers. They use the same password for multiple accounts or invent some "complex" rule to create passwords by url or title or something else. And the second option is light years away from a secure way of storing passwords :)


Most of these password managers support 2 factor auth. And personally I would consider it unwise not to use 2 factor if your passwords are kept in the cloud (as opposed to a local password vault).


That's not true, though. You would still have to either press tab (now enter), or click the second field to enter the password.


It's very true. The click isn't the problem, the "waiting for transition between pages" is the problem.

Type username/password = ~1s each

Single keypress = ~0.1s each

Page load = ~2s

Before: username + tab + password + enter = 1 + 0.1 + 1 + 0.1 + 2 = ~2.2s

After: username + enter + page load + password + enter = 1 + 0.1 + 2 + 1 + 0.1 + 2 = ~4.2s

Roughly doubling the amount of time it takes to enter your information is significant and annoying.


Except it doesn't even take a second for the password input to appear. Where are you getting those numbers from anyway? When I tried it, it only took about 152 ms for all the data to load after submitting the e-mail address.


It depends greatly on your location, connection and browser. Many users are stuck on low quality internet connections or mobile devices where things can easily take a full second or more.


I have no problems with Dashlane



