Ugh. I just want to be able to use an external device (key) which uses digital signing on the device itself to log me in for every website. None of this stupid password bullshit, we should be leaving it in the past. It is basically an impossible task to use passwords securely, no matter how hard you try, there are always serious vulnerabilities.

I have a Yubikey Neo which is great, but it only works for a few sites. Mostly I have to use LastPass, which probably has the same vulnerability as you're describing here.