Trusted. Secure. Reliable.
Safeguarding your data is what we do, with proactive security and reliability as cornerstones of our mission.
“Understanding the LastPass architecture is the key to understanding why it's safe to trust them, why I trust them, and why I've completely switched my entire solution for managing passwords over to LastPass.”
Proven security model
Security is our mission at LastPass. At every step, we've designed LastPass to protect what you store, so you can trust it with your sensitive data.
SOC 2 Type 1 compliance
This detailed review of our controls and processes is a “gold standard” for confirming the security and reliability of LastPass.
Regular audits & pen tests
We engage trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.
Strong data encryption
Sensitive data is encrypted at the device level with AES-256 before it is synced over TLS, which protects against man-in-the-middle attacks.
Bug bounty program
Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers.
LastPass operates out of multiple, geo-distributed facilities that can handle all customer traffic for redundancy.
Transparent incident response
Our team reacts swiftly to reports of bugs or vulnerabilities and communicates transparently with our community.
Secure product architecture
LastPass is designed to keep sensitive data safe using a zero-knowledge security model.
Private Master Password
LastPass does not send or store the master password. We believe that if LastPass can’t access your data, neither can hackers.
Encryption happens exclusively at the device level before syncing to LastPass for safe storage, so only users can decrypt their data.
256-bit AES encryption
This algorithm is widely accepted as impenetrable – it’s the same encryption type utilized by banks and the military.
PBKDF2-SHA256 against brute-force attacks
We strengthen the master password and encryption key against large-scale, brute-force attacks by slowing down guesses.
Powerful security features
Businesses can take password security into their own hands with LastPass.
Add extra security by requiring a second login verification step with LastPass Authenticator or other top multi-factor services.
Centralized IT control
The admin dashboard gives visibility into password hygiene and over 100 configurable policies to improve security.
Scan passwords in the vault to identify and replace any weak, reused, compromised, and old passwords.
LastPass will only fill in passwords on the sites you’ve saved and have trusted.