
Why trust LastPass

Is LastPass Secure?

Yes, LastPass is more secure than ever. We've rebuilt our core technology, revamped our processes, and restructured our team to deliver a safer, more private, and user-friendly experience—leaving no stone unturned.

What has LastPass done since the breach?


People

LastPass strengthened its security leadership and launched two specialized teams—POST to protect privacy and prevent fraud, and TIME to deliver threat intelligence and stay ahead of evolving security threats.


Process

LastPass completed a full security audit, strengthened access controls, and maintains top industry certifications including SOC2 Type II, ISO 27001, SOC3, BSI C5, TRUSTe, and an Independent Security Review by Google Play.


Technology

LastPass transitioned to a purpose-built, secure cloud platform, designed and deployed a new secure software factory, and implemented advanced security tooling across its newly established development and production environments.


Entirely new, entirely secure

In the process of becoming a standalone company, we have seized the opportunity to re-imagine and build a new LastPass from the ground up, leaving no stone unturned. We committed to a multi-year, multi-million-dollar investment in security across people, processes, and technology.

From major infrastructure improvements to hiring top security experts to implementing new security protocols, all efforts are geared towards building a stronger and more secure foundation.


Core Security Upgrades

To deliver stronger protection and earn lasting trust, LastPass has implemented foundational security upgrades across infrastructure, encryption, and access control.

  • Strengthened device, cloud, and endpoint security through enhanced monitoring, advanced detection and prevention controls, new cloud posture management, and upgraded endpoint protection.
  • PBKDF2 iterations increased to 600,000 for stronger password hashing.
  • Primary URL encryption in vaults to enhance privacy and support zero-knowledge security.
  • AES-GCM-256 encryption adopted; legacy cipher modes retired.
  • Secure software factory implemented with SBOM tracking and SLSA compliance.

See what sets LastPass apart

Explore the features, security innovations, and trusted performance that make LastPass the go-to solution for individuals and businesses worldwide—backed by industry-leading technology, a zero-knowledge architecture, and a commitment to continuous improvement.


Future-ready, security-driven

LastPass is going beyond passwords to help businesses manage access with less hassle and more control. Our Secure Access Experiences combine the password manager you trust with new tools that let you decide who can access what, based on your own policies. You’ll get better visibility into user activity, stronger security across your team, and fewer headaches for IT. Whether you're just starting out or managing a global workforce, LastPass makes secure access simple and affordable.


Why you can trust LastPass today

  • The G2 leader in all password managers
  • Regular expert security audits
  • Top-tier security measures
  • Modern infrastructure & tools
  • Industry-leading threat intelligence
  • Transparent threat intelligence
Trust center

Want to see our security? Find the latest GRC updates here.

Compliance center

What is LastPass doing to stay compliant?

Find the latest certifications, policies and security documentation.

Responsible Disclosure Program

We partner with experts to enhance security

Our commitment to security is unwavering. We swiftly address vulnerabilities, supported by continuous reviews and insights from the security community.

Resources

Explore LastPass documentation

Consult the documentation on product-specific technical, organizational, and compliance measures.

Featured resources

Blog

2022 security incident update

Details on the findings and actions from the completed investigation.

Support

Latest security updates

LastPass is prioritizing further investment in security, privacy, and operational best practices - review the latest progress.

Blog

From the CEO: A New Era for LastPass

Details on the evolution of LastPass and where we’re headed.

Trusted by companies and individuals everywhere

Millions

Customers secure their passwords with LastPass

Chrome and App Store rating

Based on 79,300+ reviews

Leader in Password Management

Based on 1,599+ reviews

100,000+

Businesses choose LastPass


“Our partners want to offer their customers comprehensive password management that easily and reliably enhances their security, allows security teams to focus on other time intensive security tasks, and is convenient enough for end users that their day-to-day work isn’t interrupted by password logins.”

Sarah Geary

Chief Commercial Officer @ Distology

“I use LastPass both corporately and personally. It allows me to securely store and share passwords with my family and co-workers in separate environments and happily generates random secure passwords for me, which prevents me from re-using the same one.”

Erik Eckert

System administrator, MPE Engineering Ltd.

“With over 350 applications for a team of 3500+ employees, our risk of exposure was high and in order to comfortably enable SSO, LastPass was a vital investment as it confirms every access point and login is protected.”



Tony Ledbetter

Senior IT Security Manager @ HOLT CAT

Frequently asked questions

LastPass uses a zero-knowledge encryption system to protect your data. Your device encrypts and hashes your passwords locally before sending them to LastPass. When you need to log in, your encrypted data is returned and decrypted only on your device—never by LastPass.

No. With LastPass’s zero-knowledge model, your master password and everything stored in your vault—like login credentials, payment info, and secure notes—remain completely private and inaccessible to LastPass.

LastPass uses strong encryption techniques, including 256-bit AES and PBKDF2 with SHA-256 hashing and salting. Your master password is never stored in plain text, and only you know it. This ensures that only you can unlock your password vault.

LastPass remains secure and has made major upgrades to its infrastructure and security practices. These include moving to a secure cloud platform, deploying managed devices, enhancing its vault, and achieving ISO 27701 compliance. Dedicated teams now focus on privacy, threat intelligence, and customer protection, with real-time updates available through their Compliance Center.

LastPass is a widely used password manager. After a security incident in December 2022, the company has invested heavily in improving its systems and processes. It continues to offer secure tools for managing digital credentials for individuals and businesses. Learn more about what has been done to secure LastPass.

A password manager like LastPass is one of the safest options. It stores your credentials in an encrypted vault, allowing you to use strong, unique passwords for each account while simplifying password management.

While LastPass is a secure choice, other password managers may offer different features. The most important thing is to choose one with strong encryption, regular security audits, and good privacy practices. Regardless of the tool, using two-factor authentication and staying alert to phishing threats are key to staying secure.

The free version of LastPass has some limitations, such as syncing on only one device type and missing features like password sharing and emergency access. These are available in paid plans, which may be necessary for users needing more advanced functionality.

Learn more about why LastPass is loved by millions and recognized by experts

Don't see your questions here? Visit Support Center.