TL;DR: Last Pass is broken. All passwords at the time of the breach were taken. They also got internal secrets from a laptop and can now probably throw computational power at anything they want to decrypt.
Switch. Do not use. Change everything you have if you were using it. Treat everything as breached.
deleted by creator
There's always the possibility Mozilla gets hacked like this. idk if there's a way to make it on device only, but by default it syncs with a Mozilla server.
But as I said elsewhere in this thread, password managers kinda need to be in cloud storage so you can access your randomly generated passwords from any device.
Also Bitwarden is more feature full. And you can host your own server instance if you really want, so you wouldn't be vulnerable to the security of a company. Though you'd instead be vulnerable to your network's security, so you should probably only do that if you know how to properly secure a network.
No, by default in fact it does not (that would be insane). You have to enable it, and create an account and everything.
Also, if you do opt for the firefox password manager, use a secure key to encrypt it (that is not enabled by default either).
physical security, but if they have your device there's not much you can do, and the feds will use the $5 wrench method if they actually care about you
deleted by creator
They'll use "advanced interrogation techniques" to beat the passwords/access to your accounts out of you if they deem you a serious enough threat.
https://xkcd.com/538/
deleted by creator