“Understanding the LastPass architecture is the key to understanding why it's safe to trust them, why I trust them, and why I've completely switched my entire solution for managing passwords over to LastPass.”
Users create an account with an email address and a strong master password to locally-generate their unique encryption key.
We've implemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
User data is encrypted and decrypted at the device level. Data stored in the vault is kept secret, even from LastPass.
The user’s master password, and the keys used to encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.
LastPass uses SSL for secure data transfer between a device and the servers, adding another layer of protection to the encrypted data blob.
Two-factor (multifactor) authentication adds extra security to LastPass accounts by requiring a second login step before authorizing the user.
PBKDF2 is a leading hashing algorithm to strengthen the master password and encryption key against large-scale, brute-force attacks.
When storing passwords, convenient and reliable access is critical. LastPass ensures passwords are securely available when and where they’re needed.
Remove the burden of remembering and typing passwords, and use the password generator to create unique passwords for every account.
LastPass is built to ensure no down time and eliminate single-point-of-failure.
Our data centers hold all required certifications, including SOC1 Report - SSAE 16 and ISAE 3402.
Encrypted backups, both local and off-site, are made daily.
We’re committed to providing a quality service and continuing to improve LastPass Enterprise through third-party audits. LastPass has engaged third-party security firms for regular reviews of the service. Our customers perform audits too, which we invite and facilitate.