Trusted. Secure. Reliable.

Safeguarding your data is our top priority, with proactive security and reliability as cornerstones of our mission.

“Understanding the LastPass architecture is the key to understanding why it's safe to trust them, why I trust them, and why I've completely switched my entire solution for managing passwords over to LastPass.”

Steve Gibson, Security Researcher

Designed for Security.
LastPass uses leading technologies to secure data and protect user privacy. Our zero-knowledge solution ensures only you have access to your data.

Secure Account Creation

Users create an account with an email address and a strong master password to locally generate their unique encryption key.

Leading Encryption Algorithms

We've implemented AES 256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.

Local-Only Encryption

User data is encrypted and decrypted at the device level. Data stored in the vault is kept secret, even from LastPass.

Private Master Password

The user’s master password, and the keys used to encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.

Transport Layer Encryption

LastPass uses SSL for secure data transfer between a device and the servers, adding another layer of protection to the encrypted data blob.

Two-Factor Authentication

Two-factor (multifactor) authentication adds extra security to LastPass accounts by requiring a second login step before authorizing the user.

PBKDF2 SHA-256

PBKDF2 is a leading password-hashing (key derivation) algorithm used to strengthen the master password and encryption key against large-scale brute-force attacks.
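
To make the flow described in the sections above concrete (local key generation, local-only encryption, a master password that never leaves the device, PBKDF2 SHA-256), here is an added sketch for Node.js; it is not LastPass code. The email-as-salt choice, the iteration count, the AES-GCM mode and the separate login hash are assumptions, since the page states none of them.

```javascript
// Added illustration of a client-side, zero-knowledge vault flow. Not LastPass code.
const crypto = require('node:crypto');

const ITERATIONS = 600000; // assumed work factor; the page states none

// Derive the 256-bit vault key on the device. Salt = normalized email (assumption).
function deriveVaultKey(email, masterPassword, iterations = ITERATIONS) {
  const salt = Buffer.from(email.trim().toLowerCase(), 'utf8');
  return crypto.pbkdf2Sync(Buffer.from(masterPassword, 'utf8'), salt, iterations, 32, 'sha256');
}

// One more PBKDF2 round yields a login hash (assumed scheme). The server can
// verify it, but it cannot be reversed into the vault key or the password.
function deriveLoginHash(vaultKey, masterPassword) {
  return crypto.pbkdf2Sync(vaultKey, Buffer.from(masterPassword, 'utf8'), 1, 32, 'sha256');
}

// Encrypt the vault locally with AES-256 (GCM mode is an assumption).
function encryptVault(vaultKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt locally; throws if the key is wrong or the blob was modified.
function decryptVault(vaultKey, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', vaultKey, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Everything that leaves the device: the email, the login hash and the
// encrypted blob. The master password and vault key are never included.
function buildUpload(email, masterPassword, vaultJson, iterations = ITERATIONS) {
  const key = deriveVaultKey(email, masterPassword, iterations);
  return {
    email,
    loginHash: deriveLoginHash(key, masterPassword).toString('hex'),
    blob: encryptVault(key, vaultJson),
  };
}
```

A server holding only the output of `buildUpload` can authenticate the user and store the blob, but decrypting it requires re-deriving the key from the master password on a device.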

Availability Everywhere

When storing passwords, convenient and reliable access is critical. LastPass ensures passwords are securely available when and where they’re needed.

Strong, Random Passwords

Remove the burden of remembering and typing passwords, and use the password generator to create unique passwords for every account.

High-Availability Architecture.
Reliability is key when depending on a solution that provides access to all other apps and services.

Full Redundancy

LastPass is built to ensure no downtime and to eliminate single points of failure.

Certified Data Centers

Our data centers hold all required certifications, including SOC1 Report - SSAE 16 and ISAE 3402.

Automated Backups

Encrypted backups, both local and off-site, are made daily.

Bug Bounty Program.
LastPass participates in a formal bug bounty program managed through Bugcrowd. The Bugcrowd platform allows us to tap into a community of thousands of security researchers to help us improve the service. Through the program, we work with white hats who find and responsibly disclose qualifying security vulnerabilities.
Regular Third-Party Audits.

We’re committed to providing a quality service and continuing to improve LastPass Enterprise through third-party audits. LastPass has engaged third-party security firms for regular reviews of the service. Our customers perform audits too, which we invite and facilitate.
