We Can Help

How are bookmarklets secure?

Bookmarklets have a random number embedded in them that is generated locally using JavaScript, and then that number is embedded into the bookmarklet's code (also with JavaScript). 

A hash is then created of that (which is also salted with your username) and sent to LastPass as a way to grab an encrypted copy of your key (encrypted with the locally created random number). Your actual key can then be decrypted from a login session with LastPass.com and the local 256-bit random number. This allows LastPass to offer this functionality while staying true to the privacy statement of never having access to your sensitive data.

This bookmarklet should be protected - never send it to LastPass - if combined with a LastPass login session it gets your key, so for security purposes we provide a way to 'recreate' your bookmarklet, which throws away the encrypted copy of your key and recreates it with a new random number (invaliding all existing bookmarklets).

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.


View your account information and view the status of previously submitted support tickets.


Submit a support ticket and we'll get back to you as soon as we can!

iPhone, BlackBerry, Android, Windows Mobile, Windows Phone, Symbian S60, iPad, Dolphin Browser, HP webOS, Bookmarklets, Automatic Fill, Portable Access, Security

Enter a few words explaining what you need help with

Please type your question in English

Please review these answers to your question:

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.


View your account information and view the status of previously submitted support tickets.


Submit a support ticket and we'll get back to you as soon as we can!


Browse through our FAQs:

Do you have any Heartbleed questions?