Proven security modelSecurity is our mission at LastPass. At every step, we've designed LastPass to protect what you store, so you can trust it with your sensitive data.
SOC 2 Type 2 compliance
This detailed review of our controls and processes is a “gold standard” for confirming the security and reliability of LastPass.
Regular audits & pen tests
We engage trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.
Strong data encryption
Sensitive data is encrypted at the device level with AES-256 before syncing with TLS to protect from on-path attackers.
Bug bounty program
Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers.
LastPass operates out of multiple, geo-distributed facilities that can handle all customer traffic for redundancy.
Transparent incident response
Our team reacts swiftly to reports of bugs or vulnerabilities and communicates transparently with our community.