Trusted. Secure. Reliable.

Safeguarding your data is what we do, with proactive security and reliability as cornerstones of our mission.

A foundation of security

Security is our mission at LastPass. At every step, we've designed LastPass to protect what you store, so you can trust it with your sensitive data.

SOC 2 Type 2 compliance

The quality of our controls and processes makes LastPass a true benchmark for security and reliability.

Regular audits and penetration tests

We work with trusted, top-tier third-party security firms to carry out routine audits and testing of the LastPass service and infrastructure.

Strong data encryption

Sensitive data is encrypted on the device with AES-256 before it is synced over TLS, which protects against on-path attackers.

Bug bounty program

Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers.

System reliability

LastPass operates from several centers around the world that can handle all customer traffic, ensuring maximum redundancy.

Transparent incident response

Our team reacts quickly to bug or vulnerability reports and communicates transparently with the community.

The basics of zero-knowledge encryption

LastPass is built on zero-knowledge encryption, a method that uses industry-standard algorithms. It means the only person who uses or knows your Master Password is you. This method applies encryption and hashing with salting to generate an encryption key used to encrypt (or decrypt) your vault, where your passwords are stored.

Your vault is only encrypted or decrypted locally on your device once you have entered your Master Password correctly. Moreover, LastPass does not have access to your unencrypted vault or the passwords stored inside it.

How LastPass protects your Master Password

Encryption

A two-way function that converts plaintext (like your Master Password) to unreadable text. LastPass encrypts your vault data to protect it from bad actors.

Hashing

A one-way function that converts data – like your plaintext Master Password – to a unique, unreadable output called a hash. The hash is stored server-side for authentication purposes.

Salting a hash

Salting takes one input, like your Master Password or an authentication hash, and makes it more unique – harder to match. Salt values are different for every user and input. Your encryption key is derived from your Master Password. This key will always be the same value if your input, your Master Password, has been entered correctly.

Protecting you against server-side attacks

Remember that zero-knowledge encryption works by separating your unencrypted data from our servers. Think of it as the client vs. the server:

  • The client is you, particularly the devices you use to access LastPass.
  • The server is LastPass, specifically our servers, which are hosted in the cloud.

LastPass uses 256-bit AES encryption/decryption and the PBKDF2 derivation function with a secure hash (SHA-256), with salting, to transform your Master Password into an encryption key, and then into an authentication hash. Authentication works by checking that the hash derived from your plaintext Master Password matches the authentication hash stored on the server.

Zero-knowledge encryption works by ensuring your Master Password and vault data are not stored on our servers in plaintext form.

If LastPass servers were ever compromised, your vault data would be undecipherable and useless to a hacker. Your Master Password and vault data would remain inaccessible and unknown to everyone but you.
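The derivation chain described above (Master Password to encryption key to authentication hash), as an added sketch that is not LastPass code. The iteration count, the salt used for the second step, the `Server` class and all function names are assumptions made for illustration; the AES-256 vault encryption itself is left out.

```python
import hashlib
import hmac
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; the page gives no iteration count
KEY_LEN = 32          # 32 bytes = a 256-bit key, the size AES-256 needs


def derive_encryption_key(master_password: str, salt: bytes) -> bytes:
    """Client side: salted PBKDF2-HMAC-SHA256 over the Master Password."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)


def derive_auth_hash(encryption_key: bytes, master_password: str) -> bytes:
    """Client side: one more one-way PBKDF2 step, key -> authentication hash.
    Salting this step with the password and using 1 round are assumptions."""
    return hashlib.pbkdf2_hmac(
        "sha256", encryption_key, master_password.encode("utf-8"), 1, KEY_LEN)


class Server:
    """Hypothetical server: holds a salt and an authentication hash per user,
    never the Master Password or the encryption key."""

    def __init__(self) -> None:
        self.records = {}  # user -> (salt, auth_hash)

    def register(self, user: str, salt: bytes, auth_hash: bytes) -> None:
        self.records[user] = (salt, auth_hash)

    def salt_for(self, user: str) -> bytes:
        return self.records[user][0]  # the salt is not secret

    def verify(self, user: str, auth_hash: bytes) -> bool:
        stored = self.records.get(user)
        # Constant-time comparison avoids leaking how many bytes matched.
        return stored is not None and hmac.compare_digest(stored[1], auth_hash)


def client_login(server: Server, user: str, master_password: str) -> Optional[bytes]:
    """Return the vault key if the server accepts the derived hash, else None."""
    key = derive_encryption_key(master_password, server.salt_for(user))
    if server.verify(user, derive_auth_hash(key, master_password)):
        return key  # stays on the device; used locally for AES-256
    return None
```

The server can confirm a login without ever holding the value that decrypts the vault, because the authentication hash cannot be reversed into the encryption key.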

Attacks happen every day. Protect yourself with LastPass.

Try LastPass Premium free for 30 days and LastPass Business for 14 days. No credit card required.