I've used Lastpass for years. I find it essential now as it also ensures I have a different password for each site. Too many people re-use passwords. You should use two-factor too, but I don't think that's viable for Steem. Any other site that wants you to sign into your Steem account should really be using Steemconnect