Blog
Recent
bg
Security Tips

How to Make Your LastPass Vault as Secure as Possible 

Rose de FremeryJune 06, 2023
How to Make Your LastPass Vault as Secure as Possible 
Password security, like passwords themselves, is becoming more sophisticated. Not so long ago, you had a username, password, and that was it. Now, you've graduated to using a password manager to protect all of your online accounts. With a password manager, you only have to keep track of one password to access your vault: your master password Although having one password to rule them all certainly makes life more convenient, it also means you have to take special care to keep your master password safe from cyber criminals. Iterations can help you do just that, steadily securing your most important business data even as bad actors come up with even more inventive ways to break into online accounts.  Here's what you need to know about iterations, how they protect your LastPass vault, and why it's important to increase the number of iterations you use to make your vault as secure as possible. 

How encryption protects your master password in LastPass

When you create a strong master password to protect your LastPass vault, LastPass then uses that password and your email address to derive an encryption key (a series of random numbers and letters) and an authentication hash (or value). LastPass uses a password-strengthening algorithm known as Password-Based Key Derivation Function 2 (PBKFD2) implemented with SHA-256 (Secure Hash Algorithm) to carry out this task. LastPass performs 600,000 rounds (or iterations) of this hashing (aka mathematical functional), along with salting (inserting random numbers and iterations), to create the encryption key. After all of these iterations have run to make your master password unrecognizable, resulting in the encryption key for your LastPass account, one final round of PBKFD2 is performed to create your authentication hash. These steps are done on the client side – that is, directly on your computer or mobile device – so that LastPass never sees or has access to your master password. And since hashing is a one-way function, LastPass cannot reverse the hash that it receives. This means it's not possible for LastPass to reverse engineer an authentication hash that was created for you. Once this step is finished, both your master password and your vault are encrypted, making it impossible for anyone to view or use them without knowing your master password. From that point on, LastPass uses the authentication hash to verify that you have correctly entered your master password before granting you access to your vault.

How iterations strengthen your password security even further

As computer processing power becomes steadily more powerful over time, bad actors will undoubtedly have even more advanced tools for accomplishing their illicit goals. Fortunately, there is a way that you can proactively protect your LastPass vault in the face of these increasing cyber threats.  By increasing the number of iterations that LastPass uses to secure your master password and subsequent encryption key, you can make it that much harder for an attacker to defeat the powerful PBKFD2 encryption standing guard over your LastPass account. If you're creating your master password for the first time, you can change this setting beforehand. If you have already created your master password, never fear – you can still change your password iterations after the fact.

Why it's important to increase iteration counts

Hackers use all the guile and technology at their disposal to execute incredibly damaging breaches, which means that businesses must continually raise the bar on their cybersecurity strategies, as well. Because your master password for LastPass governs access to all of the passwords for your other accounts and the sensitive business data they contain, it is essential to pay special attention to your password security.  Iterations are a powerful tool in your arsenal, enabling you to proactively ward off the cyber threats of today and tomorrow. Accordingly, consider steadily increasing the number of iterations used to protect your employees' LastPass vaults as time goes on. This way, not only will your employees and their accounts be better shielded from potential attacks, but your business will be less likely to suffer a damaging data breach. This best practice will essentially help you stay a step ahead of the game, allowing you to better manage the cyber risks it faces.

How to make your LastPass vault as secure as possible

As passwords become sophisticated, so too must password security. By taking advantage of a password manager, you've already made a smart move against cyber threats. That said, nobody wants to be in a defensive crouch. Ideally, you want to shift toward a more proactive stance and get a leg up on the cyber criminals who are no doubt already strategizing their next attacks. Increasing the number of iterations is an excellent way to do just this, keeping your LastPass vault steadily safer over time, regardless of what the future brings. Discover how LastPass helps protect you against data breaches.