Trusted. Secure. Reliable.

Safeguarding your data is what we do, with proactive security and reliability as cornerstones of our mission.

A foundation of security

Security is our mission at LastPass. At every step, we've designed LastPass to protect what you store, so you can trust it with your sensitive data.

SOC 2 Type 2 compliance

This detailed assessment of our controls and processes is the “gold standard” for confirming the security and reliability of LastPass.

Regular audits and penetration tests

We engage trusted, independent, world-class security firms to subject the LastPass service and our infrastructure to routine audits and tests.

Strong data encryption

Sensitive data is encrypted at the device level with AES-256 before syncing with TLS, to protect against on-path attackers.

Bug bounty program

Our bug bounty program gives users an incentive to responsibly report the flaws and vulnerabilities they find, so that we can make the necessary improvements.

Service reliability

To provide redundancy, LastPass is operated from multiple geographically distributed data centers, each of which can handle all of our customers' traffic.

Transparent incident response

When bugs or vulnerabilities are reported to us, our team responds immediately and communicates transparently with our user community.

The basics of zero-knowledge encryption

Zero-knowledge encryption is the method on which LastPass is built, and it relies on industry-standard algorithms. It means the only person who uses or knows your Master Password is you. This method applies encryption and hashing with salting to generate an encryption key used to encrypt (or decrypt) your vault, where your passwords are stored.

Your vault is only encrypted or decrypted locally on your device once you have entered your Master Password correctly. Moreover, LastPass does not have access to your unencrypted vault or the passwords stored inside it.

How LastPass protects your Master Password

Encryption

A two-way function that converts plaintext (like your Master Password) to unreadable text. LastPass encrypts your vault data to protect it from bad actors.

Hashing

A one-way function that converts data – like your plaintext Master Password – to a unique, unreadable output called a hash. The hash is stored server side for authentication purposes.

Salting a hash

Salting takes an input, like your Master Password or an authentication hash, and makes it more unique and therefore harder to match. Salt values are different for every user and input. Your encryption key is derived from your Master Password, and it will always be the same value as long as your Master Password has been entered correctly.

Protecting you against server-side attacks

Remember that zero-knowledge encryption works by separating your unencrypted data from our servers. Think of it as the client vs. the server:

  • The client is you, particularly the devices you use to access LastPass.
  • The server is LastPass, specifically our servers, which are hosted in the cloud.

LastPass uses 256-bit AES encryption/decryption and the PBKDF2 key derivation function with a secure hash (SHA-256), with salting, to transform your Master Password into an encryption key, and then into an authentication hash. Authentication succeeds when the hash derived from the Master Password you enter matches the authentication hash stored on the server.

Zero-knowledge encryption works by ensuring your Master Password and vault data are not stored on our servers in plaintext form.

If LastPass servers were ever compromised, your vault data would be undecipherable and useless to a hacker. Your Master Password and vault data would remain inaccessible and unknown to everyone but you.
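
The derivation chain described above, as a minimal sketch added here (not LastPass's code): PBKDF2-HMAC-SHA256 turns the Master Password and a per-user salt into a 256-bit key, and one further round turns that key into the authentication hash, the only derived value the server stores. The iteration count, the random 16-byte salt, the salt used in the second step, and all function and class names are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import os

# Assumed parameters for illustration; the page does not state them.
ITERATIONS = 600_000   # assumed PBKDF2 work factor
KEY_LEN = 32           # 256 bits, the key size AES-256 needs


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Client side: Master Password + per-user salt -> vault encryption key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, ITERATIONS, KEY_LEN)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: vault key -> authentication hash (one more PBKDF2 round).
    Using the password as the salt here is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, KEY_LEN)


class Server:
    """Holds only the salt and the authentication hash, never the key."""

    def __init__(self):
        self.records = {}

    def register(self, user: str, salt: bytes, auth_hash: bytes) -> None:
        self.records[user] = (salt, auth_hash)

    def login(self, user: str, auth_hash: bytes) -> bool:
        stored = self.records.get(user)
        # Constant-time comparison avoids leaking how many bytes matched.
        return stored is not None and hmac.compare_digest(stored[1], auth_hash)


def client_register(server: Server, user: str, master_password: str) -> bytes:
    salt = os.urandom(16)  # different for every user
    key = derive_vault_key(master_password, salt)
    server.register(user, salt, derive_auth_hash(key, master_password))
    return key             # stays on the device


def client_login(server: Server, user: str, master_password: str):
    """Re-derive locally; only the authentication hash is sent to the server."""
    record = server.records.get(user)
    if record is None:
        return None
    key = derive_vault_key(master_password, record[0])
    ok = server.login(user, derive_auth_hash(key, master_password))
    return key if ok else None
```
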

Data theft happens every day. Protect yourself with LastPass.

Try LastPass Premium free for 30 days or LastPass Business free for 14 days. No credit card required.