New IPs, TLS Certification & More

Providing a service that is secure and reliable is mission-critical here at LastPass. As such, it’s important to periodically update our core operations. Here are some behind-the-scenes upgrades we’re rolling out:

New IPs and TLS Certification

LastPass has moved its front end site to Akamai for improved performance and security. We’ve created new SSL certificates signed by GlobalSign and hosted at Akamai.

Merging Operations

We are adding data centers to increase our capacity to support our rapidly expanding user base. In addition to ensuring uptime, this will also improve our resiliency against Distributed Denial of Service (DDoS) attacks.

No action is required of any users, and no interruption to service is expected.

We also want to assure our users that no changes have been made to the way that we encrypt, store, or securely transfer user data. As we have from day one, we continue to employ local-only encryption to ensure that LastPass, LogMeIn, and anyone else cannot access passwords and other sensitive information you store in your vault. Only you have your master password, so only you have the key to unlock your vault. Our commitment to security and privacy has always been and continues to be fundamental to the work we do.

We’re on a mission to be the world’s password manager of choice, and building a high-availability, high-scalability architecture is part of that mission.

7 Comments

  • This is great news! But do you have some roadmap regarding new features and improvements?
    I’ve been using LastPass for a few years and development is a bit slow (especially, in my humble opinion, two things need improvement – form filler and user interface.)

    Anyway, thanks for good work and keep going!

  • tony atienza says:

    Recently LastPass servers were down and made it unavailable for me to access my vault. In these situations, how do I access my information. I read somewhere that I can make LastPass available “offline” but I thought that would make my account less secure. Please advise.
    Thanks,
    Mostly satisfied LastPass User :)

    • Richard Nishimura says:

      I just log in to LastPass in my browser even when I am offline. The icon is yellow and says I am offline. I have access to all my passwords and LP logs me into sites like usual. I have not really noticed any disruption when this happens. In my case it is usually my network, router or DSL connection that has me offline. My understanding is that LP stores passwords locally on my computer, encrypted using the same algorithm as on the server. My computers have the key to decrypt the passwords which can only be decrypted and accessed by me successfully providing the LP Master Password, and a code from my iPhone because I use 2-factor authentication. Although having the decryption key stored alongside the encrypted passwords on my computer is arguably weaker than on the server where the key is not stored, my computer has an additional layer of security by virtue of requiring someone to either physically access it or get through the router and Windows Firewall. Once someone has access to my computer all is lost anyway.

      Check this out: https://lastpass.com/support.php?cmd=showfaq&id=956

    • ddssee says:

      You can sign in offline.

    • Lastpass User says:

      I periodically backup a local copy of my vault by exporting it as Lastpass Encrypted File (.xml), which can be opened by Lastpass Pocket. This makes sure that I always have my credentials even if servers are unavailable. It’s a quick solution rather than carrying a portable browser around (Lastpass Portable).
      Also, you can make Lastpass available ‘offline’ as well as secure by ‘Auto Logout when browser is closed’ option. This will require master password re-prompt after a certain amount of time you have set.

  • Raphi says:

    This is great. What is the status on having datacenters out of the US? If security is really a concern as you say, then you know this is a critical feature for users who care. I know you have a EU datacenter but the feature has been in beta for more than a year now and no sign of changes.
    Could you tell us if this is a priority for you?
    If so, any rough timeline?

    Thank you

    • Amber Gott says:

      Thanks Raphi, I can confirm this is still in Beta and no ETA on an official launch date, but we welcome any feedback if you do try it out.