Proven security model
Security is our mission at LastPass. At every step, we've designed LastPass to protect what you store, so you can trust it with your sensitive data.SOC 2 Type 2 compliance
This detailed review of our controls and processes is a “gold standard” for confirming the security and reliability of LastPass.
Regular audits & pen tests
We engage trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.
Strong data encryption
Sensitive data is encrypted at the device level with AES-256 before syncing with TLS to protect from on-path attackers.
Bug bounty program
Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers. Learn More
Reliable Service
LastPass operates out of multiple, geo-distributed facilities that can handle all customer traffic for redundancy.
Transparent incident response
Our team reacts swiftly to reports of bugs or vulnerabilities and communicates transparently with our community.