Trusted. Secure. Reliable.

Safeguarding your data is what we do, with proactive security and reliability as cornerstones of our mission.

“Understanding the LastPass architecture is the key to understanding why it's safe to trust them, why I trust them, and why I've completely switched my entire solution for managing passwords over to LastPass.”

Steve Gibson, Security Researcher at Gibson Research Corporation

Proven security model
Security is our mission at LastPass. At every step, we’ve designed LastPass to protect what you store, so you can trust it with your sensitive data.

SOC 2 Type 1 compliance

This detailed review of our controls and processes is a “gold standard” for confirming the security and reliability of LastPass.

Regular audits & pen tests

We engage trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.

Strong data encryption

Sensitive data is encrypted at the device level with AES-256 before it is synced over TLS, which protects against man-in-the-middle attacks.

Bug bounty program

Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers.

Reliable service

LastPass operates out of multiple, geo-distributed facilities that can handle all customer traffic for redundancy.

Transparent incident response

Our team reacts swiftly to reports of bugs or vulnerabilities and communicates transparently with our community.

Secure product architecture
LastPass is designed to keep sensitive data safe using a zero-knowledge security model.

Private Master Password

LastPass does not send or store the master password. We believe that if LastPass can’t access your data, neither can hackers.

End-point encryption

Encryption happens exclusively at the device level before syncing to LastPass for safe storage, so only users can decrypt their data.

256-bit AES encryption

This algorithm is widely accepted as impenetrable – it’s the same encryption type utilized by banks and the military.

PBKDF2-SHA256 against brute-force attacks

We strengthen the master password and encryption key against large-scale, brute-force attacks by slowing down guesses.

Powerful security features
Businesses can take password security into their own hands with LastPass.

Multi-factor authentication

Add extra security by requiring a second login verification step with LastPass Authenticator or other top multi-factor services.

Centralized IT control

The admin dashboard gives visibility into password hygiene and over 100 configurable policies to improve security.

Password audits

Scan passwords in the vault to identify and replace any weak, reused, compromised, and old passwords.

Phishing protection

LastPass will only fill in passwords on the sites you’ve saved and have trusted.