Why trust Lastpass

Is LastPass Secure?

Yes, LastPass is more secure than ever. We've rebuilt our core technology, revamped our processes, and restructured our team to deliver a safer, more private, and user-friendly experience—leaving no stone unturned.

Learn more

What has LastPass done since the breach?

People

LastPass strengthened its security leadership and launched two specialized teams—POST to protect privacy and prevent fraud, and TIME to deliver threat intelligence and stay ahead of evolving security threats.

Learn more

Process

LastPass completed a full security audit, strengthened access controls, and maintains top industry certifications including SOC2 Type II, ISO 27001, SOC3, BSI C5, TRUSTe, and an Independent Security Review by Google Play.

Learn more

Technology

LastPass transitioned to a purpose-built, secure cloud platform, designed and deployed a new secure software factory, and implemented advanced security tooling across its newly established development and production environments.

Learn more

Entirely new, entirely secure

In the process of becoming a standalone company, we have seized the opportunity to re-imagine and build a new LastPass from the ground up, leaving no stone unturned. We committed to a multi-year, multi-million-dollar investment in security across people, processes, and technology.

From major infrastructure improvements to hiring top security experts to implementing new security protocols - all efforts are geared towards building a strong and more secure foundation.

Learn more

Core Security Upgrades

To deliver stronger protection and earn lasting trust, LastPass has implemented foundational security upgrades across infrastructure, encryption, and access control.

Strengthened device, cloud, and endpoint security through enhanced monitoring, advanced detection and prevention controls, new cloud posture management, and upgraded endpoint protection.
PBKDF2 iterations increased to 600,000 for stronger password hashing.
Primary URL encryption in vaults to enhance privacy and support zero-knowledge security.
AES-GCM-256 encryption adopted; legacy cipher modes retired.
Secure software factory implemented with SBOM tracking and SLSA compliance.

See what sets LastPass apart

Explore the features, security innovations, and trusted performance that make LastPass the go-to solution for individuals and businesses worldwide—backed by industry-leading technology, a zero-knowledge architecture, and a commitment to continuous improvement.

Compare LastPass

Future-ready, security-driven

LastPass is going beyond passwords to help businesses manage access with less hassle and more control. Our Secure Access Experiences combine the password manager you trust with new tools that let you decide who can access what, based on your own policies. You’ll get better visibility into user activity, stronger security across your team, and fewer headaches for IT. Whether you're just starting out or managing a global workforce, LastPass makes secure access simple and affordable.

Learn about Secure Access Experiences

Why you can trust LastPass today

The G2 leader in all password managers
Regular expert security audits
Top-tier security measures
Modern infrastructure & tools
Industry-leading threat intelligence
Transparent threat intelligence

Read our reviews on G2

Trust center

Want to see our security? Find the latest GRC updates here.

Visit Trust Center

Compliance center

What is LastPass doing to stay compliant?

Find the latest certifications, policies and security documentation.

Visit Compliance Center

Responsible Disclosure Program

We partner with experts to enhance security

Our commitment to security is unwavering. We swiftly address vulnerabilities, supported by continuous reviews and insights from the security community.

Responsible disclosure program

Resources

Explore LastPass documentation

Consult the documentation on product-specific technical, organizational, and compliance measures.

View the library

Featured resources

Post del blog

2022 security incident update

Details on the findings and actions from the completed investigation.

Read the blog post

Support

Latest security updates

LastPass is prioritizing further investment in security, privacy, and operational best practices - review the latest progress.

Learn more

Post del blog

From the CEO: A New Era for LastPass

Details on the evolution of LastPass and where we’re headed.

Read the blog post

View all resources

Scelto da aziende e privati di tutto il mondo

Milioni

I clienti che proteggono le proprie password con LastPass

Valutazione su App Store e Chrome Web Store

sulla base di oltre 79.300 recensioni

Leader nella gestione delle password

sulla base di oltre 1.599 recensioni

Più di 100.000

Le aziende che scelgono LastPass

«I nostri partner vogliono offrire ai loro clienti una gestione completa delle password che ne rafforzi la sicurezza in modo semplice e affidabile, consenta ai team IT di concentrarsi su altre attività di sicurezza più complesse e, al contempo, sia così pratica per gli utenti da non rallentarne la produttività con le procedure di autenticazione.»

Sarah Geary

Direttrice commerciale, Distology

«Uso LastPass sia in azienda che nella vita privata. Mi permette di salvare e condividere le password in totale sicurezza con familiari e colleghi mantenendole in ambienti separati. Inoltre, si occupa volentieri di creare password sicure e casuali al posto mio, evitandomi così di riutilizzare sempre la stessa.»

Leggi la recensione completa

Erik Eckert

Amministratore di sistema, MPE Engineering Ltd.

«A fronte di un team composto da più di 3500 dipendenti che fanno uso di oltre 350 applicazioni, i rischi per la nostra sicurezza IT erano decisamente elevati. LastPass ci ha aiutato ad applicare l’SSO in modo funzionale, rivelandosi un investimento chiave perché assicura protezione a ogni accesso come a ogni singolo punto di ingresso.»  

Tony Ledbetter

Responsabile senior della sicurezza IT, HOLT CAT

Frequently asked questions

LastPass uses a zero-knowledge encryption system to protect your data. Your device encrypts and hashes your passwords locally before sending them to LastPass. When you need to log in, your encrypted data is returned and decrypted only on your device—never by LastPass.

No. With LastPass’s zero-knowledge model, your master password and everything stored in your vault—like login credentials, payment info, and secure notes—remain completely private and inaccessible to LastPass.

LastPass uses strong encryption techniques, including 256-bit AES and PBKDF2 with SHA-256 hashing and salting. Your master password is never stored in plain text, and only you know it. This ensures that only you can unlock your password vault.

LastPass remains secure and has made major upgrades to its infrastructure and security practices. These include moving to a secure cloud platform, deploying managed devices, enhancing its vault, and achieving ISO 27701 compliance. Dedicated teams now focus on privacy, threat intelligence, and customer protection, with real-time updates available through their Compliance Center.

LastPass is a widely used password manager. After a security incident in December 2022, the company has invested heavily in improving its systems and processes. It continues to offer secure tools for managing digital credentials for individuals and businesses. Learn more about what has been done to secure LastPass.

A password manager like LastPass is one of the safest options. It stores your credentials in an encrypted vault, allowing you to use strong, unique passwords for each account while simplifying password management.

While LastPass is a secure choice, other password managers may offer different features. The most important thing is to choose one with strong encryption, regular security audits, and good privacy practices. Regardless of the tool, using two-factor authentication and staying alert to phishing threats are key to staying secure.

The free version of LastPass has some limitations, such as syncing on only one device type and missing features like password sharing and emergency access. These are available in paid plans, which may be necessary for users needing more advanced functionality.

Learn more about why LastPass is loved by millions and recognized by experts

Why trust Lastpass

Is LastPass Secure?

What has LastPass done since the breach?

People

Process

Technology

Entirely new, entirely secure

Core Security Upgrades

See what sets LastPass apart

Future-ready, security-driven

Why you can trust LastPass today

Want to see our security? Find the latest GRC updates here.

What is LastPass doing to stay compliant?

We partner with experts to enhance security

Explore LastPass documentation

Featured resources

2022 security incident update

Latest security updates

From the CEO: A New Era for LastPass

Scelto da aziende e privati di tutto il mondo

Milioni

Più di 100.000

Frequently asked questions

How does LastPass securely store passwords?

Does LastPass have access to my passwords?

How does LastPass encryption work?

Is LastPass no longer safe?

What is the deal with LastPass?

Where is the safest place to keep passwords?

What's more secure than LastPass?

What are the disadvantages of LastPass?

Don't see your questions here? Visit Support Center.