Re: So they want me to trust an online service with all my passwords?
"You don't control your bank, but they still hold your online banking details...."
Yes, but if my bank were to be breached, only my banking information would be leaked. If Lastpass gets breached, -everything- gets leaked.
If one of my banks were to be breached, I would legal recourse and the bank would be required, by law, to either reverse any transactions in progress or to refund the stolen funds (FDIC requirement if its shown to be their fault for the breach). That is also assuming that they'd somehow gain access to my email account so they can get the tokens to authorize logins / transactions (Email is encrypted between the banks' and my email servers). And even then, I'd still be fine since only one of my bank accounts would be affected (I have a personal bank account for my day-to-day expenses, my retirement account that I can borrow against in an emergency, and my investment accounts; all of which are protected by various laws if the bank if found responsible).
All of those protections go away if the passwords were to be leaked by Lastpass which would include the details to all my bank accounts and the email accounts used for two-step authentication. Also, since its not the fault of the banks, they have no legal requirement to do anything (Other than re-issue my cards and reset my passwords after I report the problem). All I'd get from Lastpass is maybe a few free months of an identity theft protection service, a few months worth of free service and a letter from their PR team that is nothing more than "Sucks to be you" coated in diplomatic fluff.
I carry around an encrypted thumb drive (a 16-GB IronKey) on a chain around my neck with a portable copy of KeyPass(X) and a hardened version of FireFox for accessing security-sensitive websites. I figure that that level of protection is well beyond the level of effort someone would want to exert to acquire my passwords.