Why trust Lastpass

Is LastPass Secure?

Yes, LastPass is more secure than ever. We've rebuilt our core technology, revamped our processes, and restructured our team to deliver a safer, more private, and user-friendly experience—leaving no stone unturned.

Learn more

What has LastPass done since the breach?

People

LastPass strengthened its security leadership and launched two specialized teams—POST to protect privacy and prevent fraud, and TIME to deliver threat intelligence and stay ahead of evolving security threats.

Learn more

Process

LastPass completed a full security audit, strengthened access controls, and maintains top industry certifications including SOC2 Type II, ISO 27001, SOC3, BSI C5, TRUSTe, and an Independent Security Review by Google Play.

Learn more

Technology

LastPass transitioned to a purpose-built, secure cloud platform, designed and deployed a new secure software factory, and implemented advanced security tooling across its newly established development and production environments.

Learn more

Entirely new, entirely secure

In the process of becoming a standalone company, we have seized the opportunity to re-imagine and build a new LastPass from the ground up, leaving no stone unturned. We committed to a multi-year, multi-million-dollar investment in security across people, processes, and technology.

From major infrastructure improvements to hiring top security experts to implementing new security protocols - all efforts are geared towards building a strong and more secure foundation.

Learn more

Core Security Upgrades

To deliver stronger protection and earn lasting trust, LastPass has implemented foundational security upgrades across infrastructure, encryption, and access control.

Strengthened device, cloud, and endpoint security through enhanced monitoring, advanced detection and prevention controls, new cloud posture management, and upgraded endpoint protection.
PBKDF2 iterations increased to 600,000 for stronger password hashing.
Primary URL encryption in vaults to enhance privacy and support zero-knowledge security.
AES-GCM-256 encryption adopted; legacy cipher modes retired.
Secure software factory implemented with SBOM tracking and SLSA compliance.

See what sets LastPass apart

Explore the features, security innovations, and trusted performance that make LastPass the go-to solution for individuals and businesses worldwide—backed by industry-leading technology, a zero-knowledge architecture, and a commitment to continuous improvement.

Compare LastPass

Future-ready, security-driven

LastPass is going beyond passwords to help businesses manage access with less hassle and more control. Our Secure Access Experiences combine the password manager you trust with new tools that let you decide who can access what, based on your own policies. You’ll get better visibility into user activity, stronger security across your team, and fewer headaches for IT. Whether you're just starting out or managing a global workforce, LastPass makes secure access simple and affordable.

Learn about Secure Access Experiences

Why you can trust LastPass today

The G2 leader in all password managers
Regular expert security audits
Top-tier security measures
Modern infrastructure & tools
Industry-leading threat intelligence
Transparent threat intelligence

Read our reviews on G2

Trust center

Want to see our security? Find the latest GRC updates here.

Visit Trust Center

Compliance center

What is LastPass doing to stay compliant?

Find the latest certifications, policies and security documentation.

Visit Compliance Center

Responsible Disclosure Program

We partner with experts to enhance security

Our commitment to security is unwavering. We swiftly address vulnerabilities, supported by continuous reviews and insights from the security community.

Responsible disclosure program

Resources

Explore LastPass documentation

Consult the documentation on product-specific technical, organizational, and compliance measures.

View the library

Featured resources

Billet de blog

2022 security incident update

Details on the findings and actions from the completed investigation.

Read the blog post

Support

Latest security updates

LastPass is prioritizing further investment in security, privacy, and operational best practices - review the latest progress.

Learn more

Billet de blog

From the CEO: A New Era for LastPass

Details on the evolution of LastPass and where we’re headed.

Read the blog post

View all resources

Des entreprises et individus du monde entier lui font confiance

Millions

Clients qui protègent leurs mots de passe avec LastPass

Avis sur Chrome et l’AppStore

Basé sur 79300+ avis

Leader de la gestion des mots de passe

Basé sur plus de 1 599 évaluations

+ de 100 000

entreprises choisissent LastPass

« Nos partenaires souhaitent offrir à leurs clients une gestion exhaustive des mots de passe qui renforce leur sécurité de manière simple et fiable, permet à leurs équipes de sécurité de se concentrer sur les tâches de sécurité plus chronophages, et suffisamment commode pour que les utilisateurs finaux ne soient pas constamment interrompus par la saisie de mots de passe. »

Sarah Geary

Directrice commerciale chez Distology

« J’utilise LastPass à titre personnel et professionnel. Il me permet de stocker et de partager en toute sécurité mes mots de passe avec mes proches et mes collègues dans des environnements séparés, et il me génère volontiers des mots de passe aléatoires sûrs, ce qui m’évite de les réutiliser. »

Lire l’avis dans son intégralité

Erik Eckert

Administrateur système, MPE Engineering Ltd.

« Avec plus de 350 applications pour une équipe de plus de 3500 employés, le risque de piratage était élevé, et pour mettre en œuvre le SSO de manière viable, LastPass s’est avéré être un investissement vital, car il permet de protéger chaque point d’accès et tous les identifiants. »  

Tony Ledbetter

Responsable senior de la sécurité informatique chez HOLT CAT

Frequently asked questions

LastPass uses a zero-knowledge encryption system to protect your data. Your device encrypts and hashes your passwords locally before sending them to LastPass. When you need to log in, your encrypted data is returned and decrypted only on your device—never by LastPass.

No. With LastPass’s zero-knowledge model, your master password and everything stored in your vault—like login credentials, payment info, and secure notes—remain completely private and inaccessible to LastPass.

LastPass uses strong encryption techniques, including 256-bit AES and PBKDF2 with SHA-256 hashing and salting. Your master password is never stored in plain text, and only you know it. This ensures that only you can unlock your password vault.

LastPass remains secure and has made major upgrades to its infrastructure and security practices. These include moving to a secure cloud platform, deploying managed devices, enhancing its vault, and achieving ISO 27701 compliance. Dedicated teams now focus on privacy, threat intelligence, and customer protection, with real-time updates available through their Compliance Center.

LastPass is a widely used password manager. After a security incident in December 2022, the company has invested heavily in improving its systems and processes. It continues to offer secure tools for managing digital credentials for individuals and businesses. Learn more about what has been done to secure LastPass.

A password manager like LastPass is one of the safest options. It stores your credentials in an encrypted vault, allowing you to use strong, unique passwords for each account while simplifying password management.

While LastPass is a secure choice, other password managers may offer different features. The most important thing is to choose one with strong encryption, regular security audits, and good privacy practices. Regardless of the tool, using two-factor authentication and staying alert to phishing threats are key to staying secure.

The free version of LastPass has some limitations, such as syncing on only one device type and missing features like password sharing and emergency access. These are available in paid plans, which may be necessary for users needing more advanced functionality.

Learn more about why LastPass is loved by millions and recognized by experts

Why trust Lastpass

Is LastPass Secure?

What has LastPass done since the breach?

People

Process

Technology

Entirely new, entirely secure

Core Security Upgrades

See what sets LastPass apart

Future-ready, security-driven

Why you can trust LastPass today

Want to see our security? Find the latest GRC updates here.

What is LastPass doing to stay compliant?

We partner with experts to enhance security

Explore LastPass documentation

Featured resources

2022 security incident update

Latest security updates

From the CEO: A New Era for LastPass

Des entreprises et individus du monde entier lui font confiance

Millions

+ de 100 000

Frequently asked questions

How does LastPass securely store passwords?

Does LastPass have access to my passwords?

How does LastPass encryption work?

Is LastPass no longer safe?

What is the deal with LastPass?

Where is the safest place to keep passwords?

What's more secure than LastPass?

What are the disadvantages of LastPass?

Don't see your questions here? Visit Support Center.