Have you considered SAML in those situations?
I stopped using LastPass a few years ago when their entire database was compromised. In the interim, I’ve been using KeePassX both personally and professionally, but recently joined OneLogin, a leader SAML auth provider.
When SAML is supported — and it is with a growing number of services — there is no password, only a token linked to OneLogin and optionally protected by a One-Time Password device.
I hate to sound advertisy, I just randomly stumbled on your blog post browsing LinkedIn today and I wouldn’t have joined OneLogin if it wasn’t a pretty neat app that addresses a problem I’ve often encountered in Operations.
I just got an iPad mini and have been enjoying our app there..