LastPass

LastPass provides a password management platform that allows users to store, generate, and autofill login credentials across devices and browsers. It offers a secure vault protected by a master password, using client-side encryption so that only the user can decrypt stored data. The service includes features such as password sharing, multi-factor authentication, dark web monitoring, and emergency access for individuals, families, and enterprise customers. LastPass markets its solutions to consumers seeking personal password hygiene, to households needing shared vaults, and to businesses requiring centralized admin controls and policy enforcement. The platform integrates with major operating systems and browsers, enabling seamless access to saved credentials on desktops, laptops, and mobile devices. By focusing on ease of use combined with strong cryptographic safeguards, LastPass aims to reduce password fatigue while protecting digital identities.

LastPass employs a Zero Knowledge architecture, meaning that encryption and decryption occur locally on the user's device and the company never has access to the master password or unencrypted vault data. All stored information is protected with AES-256 bit encryption, strengthened by per-user salts and iterative hashing to resist brute-force attacks. The service also supports various multi-factor authentication methods, including hardware tokens, biometrics, and one-time passcodes, to add layers of security beyond the master password. LastPass is headquartered in the United States of America, as indicated in the organisational context. Over its history the company has disclosed security incidents, including a 2015 breach that exposed email addresses, password reminders, server salts and authentication hashes, and a series of 2022 incidents where attackers leveraged stolen developer information and compromised credentials to access customer metadata and cloud storage. These events have prompted the firm to engage external investigators, notify law enforcement, and improve its detection and response capabilities. The combination of its cryptographic model, feature set, and ongoing security investments distinguishes LastPass within the password management sector.