Security

Security starts at home: How we secure LastPass

Before we secure your business, we secure ours with rigorous internal controls that demonstrate our commitment to total security and total trust.

Device & Endpoint Protection

Securing every device we use

Web filtering

We use tools to block risky web categories across all corporate devices, ensuring consistent protection against malware and data loss no matter where our teams work.

Endpoint protection

We use multiple EDR solutions to monitor work devices 24/7, enabling rapid threat detection and containment through managed detection and response. Additionally, we deny access to corporate systems from personal devices.

Device encryption

All corporate devices are encrypted using BitLocker or FileVault, protecting the data stored on them.

System hardening

We use CIS best-practice benchmarks for the hardening of our corporate devices, MDM software to enforce security policies, and vulnerability management software to detect and address common vulnerabilities and exposures (CVEs).

Vulnerability treatment & patching

Our patching cycles prioritize high-risk applications, guided by analytics and threat intelligence to ensure targeted, effective remediation.

Identity & Access Management

Controlling access with precision

Privileged access management

Every elevation requires a documented business justification and is continuously monitored by compensating controls to detect and respond to any abnormal behavior.

Conditional access & OS authentication

We block logins from high-risk regions and unauthorized devices, and enforce phishing-resistant MFA with hardware tokens across platforms.

Network access protection

We use a leading SASE solution with micro-segmentation and role-based access to backend systems, strengthened by conditional access policies that validate security posture before access is allowed.

Role-based micro-segmentation

Access to backend systems is tightly segmented by user role, ensuring employees only reach the environments and data necessary for their responsibilities.

Monitoring, Response & Data Protection

Proactive defense, continuous vigilance

Monitoring & response

Our global SOC teams operate around the clock, supported by 300+ analytics and automation tools that accelerate response and enrich incident context—ensuring 24/7 coverage for critical threats.

Data loss prevention

We continuously evolve our DLP program, improving our blocking, detection, and response analytics.

External risk protection

We continuously monitor for external threats like leaked credentials, impersonation attempts, and other malicious behavior to stay ahead of risks before they escalate. We proactively disrupt phishing campaigns and alert customers to help them stay vigilant.

Trust center

Want to see our security? Find the latest GRC updates here.

Compliance center

What is LastPass doing to stay compliant?

Find the latest certifications, policies and security documentation.

Responsible Disclosure Program

We partner with experts to enhance security

Our commitment to security is unwavering. We swiftly address vulnerabilities, supported by continuous reviews and insights from the security community.

Resources

Explore LastPass documentation

Consult the documentation on product-specific technical, organizational, and compliance measures.

Trusted by companies and individuals everywhere

Millions

Customers secure their passwords with LastPass

Chrome and App Store rating

Based on 79,300+ reviews

Leader in Password Management

Based on 1,599+ reviews

100,000+

Businesses choose LastPass

“Our partners want to offer their customers comprehensive password management that easily and reliably enhances their security, allows security teams to focus on other time intensive security tasks, and is convenient enough for end users that their day-to-day work isn’t interrupted by password logins.”

Sarah Geary

Chief Commercial Officer @ Distology

“I use LastPass both corporately and personally. It allows me to securely store and share passwords with my family and co-workers in separate environments and happily generates random secure passwords for me, which prevents me from re-using the same one.”

Erik Eckert

System administrator, MPE Engineering Ltd.

“With over 350 applications for a team of 3500+ employees, our risk of exposure was high and in order to comfortably enable SSO, LastPass was a vital investment as it confirms every access point and login is protected.”



Tony Ledbetter

Senior IT Security Manager @ HOLT CAT