Hacker News: tokenfg's comments

'form-filled data' includes the 'Payment cards' section, I believe, which should make securing your cards an even larger priority than having to change your passwords.


Mine was set to 5000 too, which is the old default. Does this make the vault data significantly more vulnerable?


From what I understand, yes. PBKDF2 is the algorithm that goes from password->key. This key is then used to encrypt the vault. Guessing the key itself is impossibly difficult. Attackers will instead try to guess the password, run their guess through several thousand rounds of PBKDF2, and attempt to use those keys to decrypt the vault.

The algorithm is designed to be run in iterations so that it is tunable. More rounds take a lot longer. This makes for both a slower login and slower brute-force attempts for the attacker. The attacker can likely still generate guesses in parallel, but each individual password guess will take considerably longer against more iterations.

LastPass changed the old default for a good reason. I'm surprised they didn't update all accounts to at least the new default.
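The iteration-cost argument in the comment above, as an added example that is not part of the thread: derive a vault key with PBKDF2 at the old (5000) and new (~100K) iteration counts, measure how many guesses per second one core can verify at each, and express the gap as bits of security. PBKDF2-HMAC-SHA256 with a 32-byte key and the sample password and salt are assumptions for the demonstration, not LastPass's actual parameters.

```python
import hashlib
import hmac
import math
import time

# Constructed sample values; not real credentials or any vendor's parameters.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_SALT = b"user@example.com"  # constructed; a real vault uses its own salt
KEY_LEN = 32                        # 256-bit key, assumed for this example

OLD_ITERATIONS = 5000      # the old default discussed in the thread
NEW_ITERATIONS = 100_000   # the ~100K figure discussed in the thread


def derive_vault_key(password: str, salt: bytes, iterations: int) -> bytes:
    """password -> key via PBKDF2-HMAC-SHA256 (the hash choice is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def bits_of_security_lost(weak_iterations: int, strong_iterations: int) -> float:
    """Each doubling of the iteration count adds ~1 bit of brute-force cost,
    so the gap between two settings is log2 of their ratio (5000 -> 100K ~ 4.3)."""
    return math.log2(strong_iterations / weak_iterations)


def verify_password(guess: str, salt: bytes, iterations: int, expected_key: bytes) -> bool:
    """How a client checks a password: derive the key and compare in constant
    time. A key derived at a different iteration count never matches."""
    return hmac.compare_digest(derive_vault_key(guess, salt, iterations), expected_key)


def guesses_per_second(iterations: int, sample_guesses: int = 5) -> float:
    """Rough single-core estimate of how many password guesses per second can
    be turned into candidate keys at a given iteration count."""
    start = time.perf_counter()
    for i in range(sample_guesses):
        derive_vault_key(f"guess-{i}", SAMPLE_SALT, iterations)
    return sample_guesses / (time.perf_counter() - start)


if __name__ == "__main__":
    print(f"bits lost at {OLD_ITERATIONS} vs {NEW_ITERATIONS}: "
          f"{bits_of_security_lost(OLD_ITERATIONS, NEW_ITERATIONS):.2f}")
    for it in (OLD_ITERATIONS, NEW_ITERATIONS):
        print(f"{it:>7} iterations: ~{guesses_per_second(it):.1f} guesses/s on one core")
```

The measured ratio between the two settings should sit near the 20x the thread quotes, since PBKDF2 cost scales linearly with the iteration count.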


It means the master password can be brute-forced about 20 times faster, so effectively a loss of about 5 bits of security, compared to an account where the number of iterations is actually 100K.

