But once you did that it wouldn't be stateless anymore as you'd need to connect to their server every time to check on the state of that site's password. This makes it not that much different from traditional online managers where you have to connect to the site to retrieve the password.
There is still the benefit that the passwords can't be exposed by a compromise of the service. Presumably it doesn't store your master password anywhere, so all they'd get is the site and counter info.
You also have the option save this profile db locally, or store it yourself manually in a txt file if you really care. That's also necessary if a certain site has password restrictions.
But then you have to remember the counter setting for that website. So it's almost the same problem; I could just add a 1 to the end of my master password for that website.
I've just installed it and haven't yet used it, but as far as I can tell from the docs, the counter is stored as part of the syncable profile for a site.
The profile is also used to store other site-specific attributes, like if it has some weird password rule that requires pure alphanumeric or a specific password length.
No, the counter would be saved by LessPass. Every time you look up the password for that site, it'll already know what the counter is set to for that site.
This blog post[0] shows how LessPass lets you change passwords per site, and get around tricky password requirements.
