How are bookmarklets secure?

Bookmarklets have a random number embedded in them that is generated locally using JavaScript, and then that number is embedded into the bookmarklet's code (also with JavaScript). 

A hash is then created of that (which is also salted with your username) and sent to LastPass as a way to grab an encrypted copy of your key (encrypted with the locally created random number). Your actual key can then be decrypted from a login session with LastPass.com and the local 256-bit random number. This allows LastPass to offer this functionality while staying true to the privacy statement of never having access to your sensitive data.

This bookmarklet should be protected - never send it to LastPass - if combined with a LastPass login session it gets your key, so for security purposes we provide a way to 'recreate' your bookmarklet, which throws away the encrypted copy of your key and recreates it with a new random number (invaliding all existing bookmarklets).

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Please review these answers to your question:

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Browse through our FAQs: