The problem was that they were grandfathering existing users without notification every time they increased their PBKDF2 iterations. I think the current recommendation is 100,100 iterations, and LastPass was implementing that for new users. But it wasn’t updating that for existing users, resulting in some having as few as 5000 iterations, making that user’s encrypted data much easier to crack. You could change the iterations in the settings, but that required knowing that you needed to do this, and LastPass should have either changed it automatically or notified users that they needed to change it.

I was paying LastPass to be the security expert so I didn’t have to learn all the ins and outs of data encryption, and they failed at that task.

Depends on where your workstation is. If somebody breaks into my house and is in my office 10ft from where I sleep, them seeing my passwords is the least of my concerns.

FWIW, I do use a password manager. But writing things down offline isn’t that bad, depending on the situation.