I use lastpass, it's a great product.

Doesnt seem a great idea. When it gets hacked they get all your passwords.

LastPass encrypts all of the passwords client side. Assuming you use a strong enough passphrase it shouldn't matter if LastPass gets hacked.

Twitter uses bcrypt, so in theory this hack should also be nothing to worry about.

is there an alternative where this is not the case?

My own solution is to have two different passwords for everything - one for banking and credit cards, another for crap like twitter/linkedin. I haven't changed my passwords for years (no point really, as you're likely to have the breaking as soon as they get your password).

I think there are risks with all solutions to the password problem.