Log in through the extension

LastPass is best experienced through your browser extension. Install LastPass for Firefox to automatically login to sites as you browse the web.

Install LastPass Close

SECURITY

LastPass Security Reports

Commitment to Security

Security is our highest priority at LastPass, including quickly responding to and fixing reports of material bugs or vulnerabilities. LastPass is in part able to achieve a high level of security for our users by looking to our community to challenge our technology. We appreciate the important work that the security research community provides and appreciate responsible disclosure of issues. Further, we believe that when the security process works as designed, we all benefit.

Note: If you are a LastPass user and you're concerned that your account has been hacked, compromised, or is otherwise at risk, please contact the LastPass support team. We will review and escalate your issue appropriately.


Submitting a Security Report

If you're a security researcher and believe you have found a security bug or vulnerability with LastPass, please follow these steps:

  • Read the LastPass Security FAQs to make sure your concern hasn't already been addressed.
  • Submit your report via our BugCrowd bug bounty program to report issues.
  • Include a code sample and screencast demonstrating the exploit whenever possible.
  • Clearly show how the bug or vulnerability impacts user data or LastPass systems.
  • Allow us sufficient time to review and respond to your report, and coordinate with us for review and approval before any public posting of your findings.
  • Refrain from accessing, modifying, or stealing user data, as well as disrupting the availability of LastPass (including a DDoS attack).

When reporting potential issues, please provide us enough information to recreate your findings. Information may include exact steps to reproduce the bug, any links you clicked on, pages you visited, URLs, and any affected account email addresses. Please include a code sample and either images or a video recording that clearly demonstrates the suspected exploit you have found.

To encrypt sensitive information, you can use this public key:

Display public key

Note: If you are using automated tools to find vulnerabilities, please be aware that these tools frequently report false positives.


Responding to Reports

Once we receive a report, we will take steps to investigate the report and determine its severity. If we attempt to fix the identified issue, contingent on its severity, we may contact you for additional information. We will deploy necessary fixes to affected users based on the issue's severity and potential impact. We will close the report once an is resolved or otherwise determined to be closed.

img_icon_illustrative_zero-knowledge-security-svg

Zero-knowledge security

Safeguarding your data is what we do, with proactive security and reliability as cornerstones of our mission.

Learn About LastPass Security
img_icon_illustrative_faq-svg

Trust Center, Privacy & Security FAQ

Visit our FAQ page to find answers to your product compliance-related questions.

Go to FAQ
img_icon_illustrative_security-shield-svg

Trust Center

Your single source for the latest security, privacy, compliance, and system performance information.

Go to Trust Center

Get started with LastPass

LastPass makes it easy to improve employee password habits and endpoint security. See for yourself with a free 14-day trial. No credit card required.