That's your first mistake right there.  I transfer all coins off of those wallets immediately as soon as I can.  

As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string.  The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituded out.  

So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass.  I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.  

Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.

And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.