How do I check and update my iteration count?
To increase the security of your master password, LastPass utilizes a stronger-than-typical version of Password-Based Key Derivation Function (PBKDF2) at a minimum of 600,000 rounds (for new accounts and those who update their existing iteration count). You can view and change your master password iterations value to suit your needs and/or for troubleshooting in your vault’s account settings.
Does LastPass store my master password?
No. Due to the zero-knowledge architecture, a user’s master password is never known to LastPass and is not stored or maintained by LastPass.
Where do I report potential vulnerabilities?
To make it as easy as possible for customers to flag security concerns, we offer a direct path to LastPass to report these issues. Customers with a security concern should report it via email to securitydisclosure@lastpass.com, where it will be escalated to the threat intelligence team.
In addition to our own direct responsible disclosure program, LastPass participates in a bug bounty program, hosted at BugCrowd, to facilitate the work that security researchers do to find and responsibly disclose qualifying security bugs.
For further details and terms check LastPass responsible disclosure.
What is LastPass doing to improve security further?
Looking forward, LastPass has prioritized investment in security and privacy across our platform, infrastructure, and endpoints, and we made the details of this investment public on our Support Center. This includes future plans to encrypt URL and URL-related fields in the vault, implement stricter master password requirements, enhancements to cryptographic methods (Argon2), and more.
Don't see your questions here? Visit Support Center.
