
How LastPass Keeps Your Business Safe

Gabor Angyal, April 26, 2021
With a bevy of business password managers on the market, picking the right one may seem like a tough task. With the pandemic driving an increase in cybersecurity threats, you'll need a password management solution that is built with security and encryption best practices and can handle an ever-evolving threat landscape.

The goal of a password manager is to reduce the risk of a data breach and safeguard your business. You want to ensure that any solution you adopt is itself properly secured, and that it gives you the right tools to actually enforce better policies in your organization. With proactive security and reliability as cornerstones of our mission, we've designed LastPass to protect what you store at every step, so you can trust it with your sensitive data.

For more than 70,000 businesses, LastPass reduces friction for employees while increasing control and visibility with a password management solution that is easy to manage and effortless to use. "Password security is a question that always comes up, so with LastPass, that's a big tick in that box and we move on. Essentially, it is our product of choice for password management, and I can't see another solution out there that comes close," relates Jason Muir, IT Operations Manager at MOQdigital.

Let's explore how LastPass is built to keep your business safe.

How do we keep our customers' data secure?

Securing an account begins the moment it's created. LastPass operates on a zero-knowledge security model that ensures customer data remains protected. When a LastPass user creates their master password, it's used to generate a unique encryption key. The master password and the encryption key stay local on the user's device; they are never sent to or shared with LastPass. Without the encryption key, your encrypted vault data is meaningless. We also employ the following best practices to ensure that customer data remains secure: 
  • End-point encryption: Encryption happens exclusively at the device level before syncing to LastPass for safe storage, so only users can decrypt their data. 
  • 256-bit AES encryption: This algorithm is widely accepted as impenetrable – it's the same encryption type utilized by banks and the military. 
  • TLS for secure data transfer: Even though sensitive data is already encrypted with AES-256, the TLS protocol secures the connection to LastPass to further protect a user’s data. 
  • 100,100 rounds of PBKDF2-SHA256 hashing against brute-force attacks: We strengthen the master password and encryption key against large-scale, brute-force attacks by slowing down each guess. 
  • Private master password: We do not send or store the master password at all to ensure that access to sensitive vault data remains secure. 
  • Zero-knowledge model: LastPass Federated Login Services is designed to ensure that the user's identity provider credentials are not exposed to LastPass and that all data is stored encrypted on LastPass' servers. 
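The following Go program is an added illustration of the model described above, not LastPass's own code: it derives a 32-byte key from a master password with PBKDF2-SHA256 at the 100,100 rounds the post names, and encrypts a vault entry with AES-256 entirely on the device, so only ciphertext would ever be synced. The per-user salt, the use of GCM mode, and the sample vault entry are assumptions made for the example; the post itself specifies only the key-derivation function, its round count, and the cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)
// Rounds is the PBKDF2 iteration count the post gives for strengthening the master password.
const Rounds = 100100
// pbkdf2SHA256 is RFC 8018 PBKDF2-HMAC-SHA256 for one 32-byte block: U_1 = PRF(P, S||INT(1)),
// U_i = PRF(P, U_{i-1}), key = XOR of all U_i. Every password guess must pay for all c rounds.
func pbkdf2SHA256(password, salt []byte, rounds int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index INT(1)
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < rounds; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}
// vaultAEAD wraps the derived key in AES-GCM (a 32-byte key selects AES-256). Open()
// fails on any other key, so synced ciphertext is meaningless without the local key.
func vaultAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// encryptVaultItem is the device-side step: only the nonce and ciphertext leave the device.
// The salt ("user@example.com" in the test) and the entry text are constructed sample values.
func encryptVaultItem(key, plaintext []byte) (nonce, ciphertext []byte, err error) {
	gcm, err := vaultAEAD(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}
```

Decrypting is `vaultAEAD(key)` followed by `Open(nil, nonce, ciphertext, nil)`; a key derived from any other master password fails the GCM tag check instead of yielding garbage.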

How do we keep our infrastructure protected?

LastPass also utilizes best practices to protect our infrastructure, including regularly upgrading our systems and utilizing redundant data centers to reduce the risk of downtime or a single point of failure. We employ the following to ensure that our customers can trust our security infrastructure:
  • Regular audits and pen tests: We engage with trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure. 
  • Bug bounty program: Our bug bounty program incentivizes responsible disclosure and improvements to our service from top security researchers. 
  • Transparent incident response: Our team reacts swiftly to reports of bugs or vulnerabilities and communicates transparently with our community. 

The importance of multi-factor authentication

LastPass also offers users multi-factor authentication (MFA) on top of account logins and the LastPass vault to provide an extra layer of protection against cyber-criminal attacks. With MFA, a second or third login step is required before a user is authorized. Multi-factor authentication requires two or more authentication factors: something the user knows (the master password), in addition to something they have (a code, a key) and/or something they are (a fingerprint). By requiring not only the master password but also an additional login factor, a user adds another layer of protection against unauthorized access. 

The “gold standard” for security and privacy

LastPass has achieved Service Organization Control 2 (SOC 2) Type 2 compliance, which involves a detailed review of our controls and processes. As the "gold standard" for software companies, widely recognized nationwide across industries, completing and maintaining SOC 2 compliance is just one more way we demonstrate our commitment to security and privacy. With LastPass, businesses can take control of password management, benefitting from a proven security model, secure product architecture and powerful security features. Learn more about how LastPass can help safeguard your data.