There’s been a recent event at LastPass and users have potentially lost their passwords. Honestly, I wonder why would anyone ever store their passwords anywhere, much less in the Cloud?
Good security practice dictates that passwords should never be stored at all. Period.
While we should use random passwords with different ones for different sites, and it is difficult for users to remember so many meaningless passwords across so many different sites, it is no excuse to store passwords.
IMHO, the ideal solution for this would be to use generated passwords. These passwords could be generated from multiple secrets that are known only to each individual, but not to everyone. Think of it has having different parts of a dollar.
One example would be to use something like password hash, which would generate the password based on the website domain name and a known secret. Try it out and you’ll see.
There are more complex schemes that can be invented if necessary but the idea is there – don’t store the passwords anywhere – generate passwords on-the-fly.