
For convenience, most people won't opt out of it. Most people won't bother at all. Google employees (or even NSA if you don't do anything illegal) coming to your home/office to use your WiFi is a joke! Only the paranoid ones are perturbed by these kinds of revelations, and they are ready to face the inconvenience caused.

I didn't use LastPass until recently, when keeping a difficult password on every site became a major pain, given that there are countless password-enforcing rules on the web, some requiring at least one capital, some enforcing at least one symbol but not a ~ or a #, yada yada. I gave up on it. Every damn time I had to reset my password on services I use less frequently. But now I don't. LastPass claims that they keep the passwords encrypted and that they themselves cannot read them, but I don't believe them. Log in to lastpass.com. Click your vault in the top right corner. Click the pencil against any site in the list. Click the 'show' link in front of the password field. And your password is staring at you in plain text. And it has been accessed at lastpass.com. Once they start storing master passwords, or once someone cracks their hash, you are done for. But there is no simple and easy alternative. To get the job done we need to make these sacrifices.




The encryption/decryption is done client side.

This is a simple version of how it works: your master password isn't sent to LastPass, just an encryption key which is created with your email address and master password. On the website this is done client side with JavaScript. When you click on the pencil icon, you are reading the decrypted file, which you have decrypted on your own computer, with JavaScript.


Client-side decoding in a web app is not secure against the host of the web app, because the decryption code can be changed at any time to contain arbitrary backdoors. LastPass stores the encrypted secret, and they serve the JavaScript that decrypts the secret, so they should be assumed to have access to the secret.
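
The client-side model discussed in the two comments above, as an added sketch that is not part of the thread and not LastPass's code: a vault key is derived locally from email and master password, and the host keeps only ciphertext. The KDF (PBKDF2-SHA256), iteration count, cipher (AES-256-GCM), email normalisation and all function names are assumptions chosen for illustration.

```javascript
// Added illustration (Node.js). Parameters and names are assumptions,
// not LastPass's confirmed implementation.
const crypto = require('node:crypto');

const ITERATIONS = 100000; // assumed work factor

// Derive the vault key on the client: master password, salted with the
// email address (lower-casing is an assumed normalisation).
function deriveVaultKey(email, masterPassword) {
  return crypto.pbkdf2Sync(masterPassword, email.toLowerCase(),
                           ITERATIONS, 32, 'sha256');
}

// Encrypt one vault entry locally. The returned object is all the host
// would need to store for this entry.
function encryptEntry(vaultKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per entry
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// Decrypt locally. In a web app this function is delivered by the host on
// every page load, which is why the host remains inside the trust boundary.
function decryptEntry(vaultKey, blob) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', vaultKey, Buffer.from(blob.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'hex'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(blob.ct, 'hex')),
    decipher.final(), // throws if the key is wrong or the data was altered
  ]);
  return pt.toString('utf8');
}

// Constructed sample data: what the host stores vs. what the client sees.
function demo() {
  const key = deriveVaultKey('User@Example.com', 'correct horse battery');
  const stored = encryptEntry(key, 's3cret-site-pw');
  return { stored, shown: decryptEntry(key, stored) };
}
```

The stored record is unreadable without the key, so the guarantee rests entirely on the derivation and decryption code running unmodified in the browser.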


Who says they need to use WiFi? I expect a significant proportion of those passwords are shared with other systems, or may allow access to other corporate services - most likely VPN.


People tend to reuse passwords across multiple services and devices. Stealing their WiFi password is not something they will be comfortable with.



