Passwort-Management für jedermann – an jedem Ort

LastPass is accessible on computers (MacOS, Windows, Linux, Safari, Chrome, Firefox, Edge) and mobile devices (iOS, WatchOS, and Android). Free users can only use LastPass on one device type (computer or mobile), while paid users have unlimited access.

Your LastPass vault secures your data on your trusted device through zero-knowledge encryption. Your device encrypts and hashes your passwords locally before sending them to LastPass servers. The next time you need to log in, LastPass returns your encrypted passwords – which are decrypted by your trusted device.

No, our zero-knowledge security model ensures your data remains yours: your master passwords and anything you store in your password vault – passwords, credit cards, mailing addresses, secure notes – are never visible or accessible to LastPass.

LastPass is built on a zero-knowledge encryption method, which ensures you are the only person who knows your master password – the key used to decrypt your password vault. Thanks to 256-bit AES encryption and PBKDF2 derivation function with a secure hash (SHA256), with salting, your master password is never stored on our servers in its plaintext format, so only you will know what it is.

LastPass secures all passwords, so you don't have to, ensuring that your most important credentials are protected, private, and always within reach. We have undergone an extensive security transformation; emerging as a stronger, more innovative, and independent company with an unwavering commitment to security, privacy, and customer satisfaction.

We seized a unique opportunity to implement an entirely new security and privacy infrastructure across our development and production environments, moved to a purpose-built, highly available and secure Cloud platform, rolled out an entirely new fleet of managed end user devices, and enhanced security and privacy within our digital vault, including achieving ISO 27701 compliance.

We’ve also invested significant resources to strengthen our privacy and security teams, establishing new business units, such as our Privacy Operations, Safety and Trust (POST) team, which focuses on safeguarding customer privacy and protecting against fraud and abuse. Additionally, our new Threat Intelligence, Mitigation, and Escalation (TIME) team provides actionable security insights and advanced threat intelligence on LastPass Labs, our content hub for the market and our customers.

We have documented so much of this journey through updated support articles and close to real-time monitoring of LastPass systems within our new Compliance Center, keeping customers informed every step of the way.

LastPass is a popular password manager that helps users store and manage their passwords. In December 2022, LastPass disclosed a security incident. LastPass remains committed to delivering a secure set of products and services for LastPass customers, and is continuously making improvements and investments across people, processes, and infrastructure to deliver on this commitment.

By streamlining the process of password management and enhancing security, LastPass provides a comprehensive solution for individuals and businesses looking to protect their digital identities.

This article contains additional details on what has been done to secure LastPass.

The safest place to keep your passwords is in a password manager like LastPass. Password managers securely store your login credentials in an encrypted vault, ensuring that only you can access them. By using a password manager, you can generate and store strong, unique passwords for each of your accounts, significantly reducing the risk of your credentials being compromised. This method not only enhances your overall security but also simplifies the process of managing multiple passwords, making it easier to maintain good password hygiene.

For additional details, you can visit LastPass vault to learn more.

When considering alternatives to LastPass, it’s important to look for password managers that offer robust encryption, security audits and transparent privacy policies. While LastPass is a robust and secure password manager, it's important to note that all password managers face common threats, such as phishing attacks. To ensure maximum security, users should regularly update their password manager software, enable two-factor authentication (2FA), and stay vigilant against phishing attempts.

It's crucial to prioritize strong security practices, such as using a unique and complex master password and setting up secure recovery options. Additionally, users should be cautious about where they enter their master password and be aware of the signs of phishing scams. By combining a reliable password manager with these best practices, users can significantly enhance their overall digital security.

For additional details, you can visit the LastPass security page or our support site to learn what makes LastPass secure.

Some users find the limited features of the LastPass free version a disadvantage. Paid plans offer more functionality, for a fee. Users of the free version may miss functionalities such as password sharing, personal customer support, and emergency access. These limitations can be a drawback for individuals who require more robust password management tools but do not want to subscribe to the paid plans. Additionally, the free version limits users to syncing their passwords on only one type of device—either mobile or desktop.

Learn more about why LastPass is loved by millions and recognized by experts.