How does LastPass protect my account when passwords from other sites are leaked?

When passwords are leaked from other sites, LastPass runs the data through scripts that simulate a login attempt with the leaked username and password. The script performs the standard PBKDF2 hashing that happens on the client everytime you login. We then compare the result to the password hash stored in the database.

If you reused your master password with this site, the hash will match and our scripts will immediately disable your account and send you an email.

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Please review these answers to your question:

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Browse through our FAQs:

Quantcast