Why trust Lastpass

Is LastPass Secure?

Yes, LastPass is more secure than ever. We've rebuilt our core technology, revamped our processes, and restructured our team to deliver a safer, more private, and user-friendly experience—leaving no stone unturned.

Learn more

What has LastPass done since the breach?

People

LastPass strengthened its security leadership and launched two specialized teams—POST to protect privacy and prevent fraud, and TIME to deliver threat intelligence and stay ahead of evolving security threats.

Learn more

Process

LastPass completed a full security audit, strengthened access controls, and maintains top industry certifications including SOC2 Type II, ISO 27001, SOC3, BSI C5, TRUSTe, and an Independent Security Review by Google Play.

Learn more

Technology

LastPass transitioned to a purpose-built, secure cloud platform, designed and deployed a new secure software factory, and implemented advanced security tooling across its newly established development and production environments.

Learn more

Entirely new, entirely secure

In the process of becoming a standalone company, we have seized the opportunity to re-imagine and build a new LastPass from the ground up, leaving no stone unturned. We committed to a multi-year, multi-million-dollar investment in security across people, processes, and technology.

From major infrastructure improvements to hiring top security experts to implementing new security protocols - all efforts are geared towards building a strong and more secure foundation.

Learn more

Core Security Upgrades

To deliver stronger protection and earn lasting trust, LastPass has implemented foundational security upgrades across infrastructure, encryption, and access control.

Strengthened device, cloud, and endpoint security through enhanced monitoring, advanced detection and prevention controls, new cloud posture management, and upgraded endpoint protection.
PBKDF2 iterations increased to 600,000 for stronger password hashing.
Primary URL encryption in vaults to enhance privacy and support zero-knowledge security.
AES-GCM-256 encryption adopted; legacy cipher modes retired.
Secure software factory implemented with SBOM tracking and SLSA compliance.

See what sets LastPass apart

Explore the features, security innovations, and trusted performance that make LastPass the go-to solution for individuals and businesses worldwide—backed by industry-leading technology, a zero-knowledge architecture, and a commitment to continuous improvement.

Compare LastPass

Future-ready, security-driven

LastPass is going beyond passwords to help businesses manage access with less hassle and more control. Our Secure Access Experiences combine the password manager you trust with new tools that let you decide who can access what, based on your own policies. You’ll get better visibility into user activity, stronger security across your team, and fewer headaches for IT. Whether you're just starting out or managing a global workforce, LastPass makes secure access simple and affordable.

Learn about Secure Access Experiences

Why you can trust LastPass today

The G2 leader in all password managers
Regular expert security audits
Top-tier security measures
Modern infrastructure & tools
Industry-leading threat intelligence
Transparent threat intelligence

Read our reviews on G2

Trust center

Want to see our security? Find the latest GRC updates here.

Visit Trust Center

Compliance center

What is LastPass doing to stay compliant?

Find the latest certifications, policies and security documentation.

Visit Compliance Center

Responsible Disclosure Program

We partner with experts to enhance security

Our commitment to security is unwavering. We swiftly address vulnerabilities, supported by continuous reviews and insights from the security community.

Responsible disclosure program

Resources

Explore LastPass documentation

Consult the documentation on product-specific technical, organizational, and compliance measures.

View the library

Featured resources

Post do Blog

2022 security incident update

Details on the findings and actions from the completed investigation.

Read the blog post

Support

Latest security updates

LastPass is prioritizing further investment in security, privacy, and operational best practices - review the latest progress.

Learn more

Post do Blog

From the CEO: A New Era for LastPass

Details on the evolution of LastPass and where we’re headed.

Read the blog post

View all resources

Já conquistamos a confiança de empresas e pessoas no mundo todo

Milhões

de clientes protegem suas senhas com o LastPass

Classificação na Chrome Web Store e na App Store

Com base em mais de 79.300 avaliações

Líder em gerenciamento de senhas

Com base em mais de 1.599 avaliações

Mais de 100.000

empresas contam com o LastPass

“Nossos parceiros querem oferecer aos clientes um gerenciamento de senhas abrangente que intensifique a segurança de maneira fácil e confiável, permita que as equipes de segurança se concentrem em outras tarefas de segurança que demandam tempo e seja conveniente o suficiente para que o trabalho cotidiano dos usuários não seja interrompido por logins com senha.”

Sarah Geary

Diretora Comercial da Distology

“Eu uso o LastPass tanto no trabalho quanto na vida pessoal. Com ele, eu tenho segurança para armazenar e compartilhar senhas com a minha família e com meus colegas em ambientes separados. Além disso, adoro poder gerar senhas aleatórias e superseguras, garantindo que eu não caia na tentação de reutilizar a mesma senha.”

Leia a análise completa

Erik Eckert

Administrador de sistemas, MPE Engineering Ltd.

"Com mais de 350 aplicativos para uma equipe de mais de 3.500 colaboradores, nosso risco de exposição era alto e, para ativar tranquilamente o SSO, o LastPass foi um investimento vital, pois ele confirma que cada ponto de acesso e login está protegido."  

Tony Ledbetter

Gerente sênior de Segurança de TI da HOLT CAT

Frequently asked questions

LastPass uses a zero-knowledge encryption system to protect your data. Your device encrypts and hashes your passwords locally before sending them to LastPass. When you need to log in, your encrypted data is returned and decrypted only on your device—never by LastPass.

No. With LastPass’s zero-knowledge model, your master password and everything stored in your vault—like login credentials, payment info, and secure notes—remain completely private and inaccessible to LastPass.

LastPass uses strong encryption techniques, including 256-bit AES and PBKDF2 with SHA-256 hashing and salting. Your master password is never stored in plain text, and only you know it. This ensures that only you can unlock your password vault.

LastPass remains secure and has made major upgrades to its infrastructure and security practices. These include moving to a secure cloud platform, deploying managed devices, enhancing its vault, and achieving ISO 27701 compliance. Dedicated teams now focus on privacy, threat intelligence, and customer protection, with real-time updates available through their Compliance Center.

LastPass is a widely used password manager. After a security incident in December 2022, the company has invested heavily in improving its systems and processes. It continues to offer secure tools for managing digital credentials for individuals and businesses. Learn more about what has been done to secure LastPass.

A password manager like LastPass is one of the safest options. It stores your credentials in an encrypted vault, allowing you to use strong, unique passwords for each account while simplifying password management.

While LastPass is a secure choice, other password managers may offer different features. The most important thing is to choose one with strong encryption, regular security audits, and good privacy practices. Regardless of the tool, using two-factor authentication and staying alert to phishing threats are key to staying secure.

The free version of LastPass has some limitations, such as syncing on only one device type and missing features like password sharing and emergency access. These are available in paid plans, which may be necessary for users needing more advanced functionality.

Learn more about why LastPass is loved by millions and recognized by experts

Why trust Lastpass

Is LastPass Secure?

What has LastPass done since the breach?

People

Process

Technology

Entirely new, entirely secure

Core Security Upgrades

See what sets LastPass apart

Future-ready, security-driven

Why you can trust LastPass today

Want to see our security? Find the latest GRC updates here.

What is LastPass doing to stay compliant?

We partner with experts to enhance security

Explore LastPass documentation

Featured resources

2022 security incident update

Latest security updates

From the CEO: A New Era for LastPass

Já conquistamos a confiança de empresas e pessoas no mundo todo

Milhões

Mais de 100.000

Frequently asked questions

How does LastPass securely store passwords?

Does LastPass have access to my passwords?

How does LastPass encryption work?

Is LastPass no longer safe?

What is the deal with LastPass?

Where is the safest place to keep passwords?

What's more secure than LastPass?

What are the disadvantages of LastPass?

Don't see your questions here? Visit Support Center.