We’re doing a little bit of housekeeping at LastPass since our security certificates are up for their annual renewal. In the coming days, the TLS certificates that are used to secure encrypted sessions for LastPass users are being transitioned to a new Extended Validation (EV) certificate from GlobalSign. These will be replacing the root CA Thawte certificates that we have used to date.
Our security certificate for LastPass.eu is also being replaced with a new EV certificate from GlobalSign, providing increased security for users on LastPass.eu as well.
Going forward, you’ll also be seeing the certificate information refer to “LastPass (LogMeIn, Inc)” (rather than the previous Marvasol, Inc).
What That Means for LastPass Users
All changes will be happening behind-the-scenes, so most LastPass users shouldn’t need to take action, nor should you encounter problems or interruptions to the service. The browser extensions and mobile apps will continue to operate without interruption. When you connect to LastPass.com, simply ensure that the “lock” icon in your browser URL bar is still green.
If you are using the LastPass command line application (LastPass-cli), please update to version 0.5.2, 0.6.1, 0.7.2, 0.8.1, 0.90, which have all been updated to include fingerprints for new public keys. These versions of LastPass-cli will work with both the old and new certificates.
Reports or concerns? Please let us know in the comments below or get in touch with our support team.