Access Keys:
Skip to content (Access Key - 0)

Q: Is my data in LastPass secure?

Answer

At LastPass, your security and privacy are our their top priority - that's why they have taken every step possible to ensure that your data is safely stored and synced in your LastPass account. This has been accomplished by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on the local PC. This means that your sensitive data does not travel over the Internet nor does it ever touch our servers, only the encrypted data does. This is the same encryption algorithm that is used by the US Government to protect its top-secret data.

Your encrypted data is actually meaningless to LastPass and to everyone else without the decryption key. This key is created from your email address and Master Password. Your Master Password is never sent to LastPass or MIT, only a one-way hash of your password when authenticating, which means that the components that make up your key remain local. LastPass also offers an array of advanced security options that let you add more layers of protection for your organization.

Highlights

  • All sensitive data is encrypted locally
  • They use government-level encryption
  • Only your users know the key to decrypt their data
  • No more using your browser’s insecure password manager

See Also

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

August 03, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-lastpass c-lastpass Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki