Password vaults are no longer enough. The new rules for good cybersecurity hygiene include understanding concepts like visibility, authentication and authorization. It takes more than a strong password to defend your digital life against increasingly sophisticated hackers.

Over the last few years, LastPass has implemented the infrastructure both individuals and enterprises need to thrive in the shifting cybersecurity landscape. The company became fully independent in 2024, and has used the transition as an opportunity to reinvest in technology, people and processes to rebuild its security foundation and better support its customers.

Today, LastPass is more secure than ever. Here's what to know about where the password protection industry is headed and why LastPass is ready to support you along the way.

Why credentials matter

In many industries, the advent of artificial intelligence has made work faster, easier and more efficient. Unfortunately, this also holds true for scammers trying to steal your information for their own financial gain.

As brute force and phishing efforts become increasingly automated, savvy consumers must transcend passwords altogether and adopt a passwordless approach, in which tools like passkeys and biometrics provide the necessary credentials for authentication.

Much of this innovation is driven by passkeys, which use your smartphone or other device to authenticate a login, rather than a password. This is different from two-factor authentication (2FA), which often still relies on codes sent via email or SMS. With passkeys, there aren't any codes at all; this makes passkeys strong and secure against some of hackers' most common tools for theft, including phishing and social engineering.

It's in a consumer's best interest to both learn about passkeys and use software tools that offer passkey technology, preferably software that uses the passkey methodology throughout its own company systems. That's where LastPass comes in.
In addition to recently launching support for passkeys, the company has rebuilt itself from the ground up to prioritize security and smarter secure access that reimagines what credential management can be.

What's new at LastPass

Over the last three years, LastPass has brought in new talent with deep expertise in online security and privacy to keep customers, users and businesses safe and protected online. The company has appointed new executives in product, security, engineering and IT, and has also implemented a threat intelligence, mitigation and escalation (TIME) team. Unique among password manager providers, the team proactively monitors and analyzes threats that could impact the LastPass community in the future, sharing its insights publicly on LastPass Labs, the company's customer-facing content hub.

The company has also created a publicly available Trust Center for close to real-time monitoring of LastPass systems and access to the latest attestations, including ISO 27001, SOC2, and others, as well as policies and security documentation.

With an even stronger foundation built on security and privacy, LastPass turned its sights beyond credential management, introducing Business Max with available SaaS Monitoring and SaaS Protect to monitor and manage access to applications and AI across businesses of all sizes.

Other updates the company has made include:

Cloud security posture management (CSPM) platform

A CSPM continuously monitors cloud environments and looks for new vulnerabilities. Think of a CSPM like a digital security guard hanging out in your cloud systems and flagging anything that looks suspicious. LastPass deployed CSPM in the company's production and development environments last year.

Enhanced endpoint security controls

LastPass endpoint security has been strengthened for all teams to meet industry best-practice standards, and YubiKey FIDO2 security keys were rolled out to its IT, security and engineering teams last year.
This means LastPass employees need both a public key and private key to access any of the company's systems.

Better master password security

In 2023, the Open Worldwide Application Security Project (OWASP), a digital security non-profit, recommended upgrading the minimum PBKDF2 SHA256 iteration count to 600,000 iterations. LastPass has implemented these standards. This means master passwords are hashed many more times prior to authenticating (the prior recommendation was 100,000 iterations). You won't notice a difference as a user, but a hacker attempting to force their way into your systems via AI or other intelligent software will be slowed down so much their efforts become ineffective.

Secure your future with LastPass

If you're someone who gets overwhelmed when you read cybersecurity jargon, know that LastPass has you covered. Whether you're an individual looking for better protection or a company decision-maker looking to strengthen IT security efforts, LastPass has been completely rebuilt to empower a modern, safe approach to security. Learn more about LastPass to see what new features the company has to offer.
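The iteration-count change described under "Better master password security", as an added example that is not LastPass code: it derives a key with PBKDF2-HMAC-SHA256 at 100,000 and 600,000 iterations, verifies a candidate in constant time, and measures what each setting costs per guess on the local machine. The password, salt and wordlist size are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import time

OLD_ITERATIONS = 100_000  # prior recommendation cited on the page
NEW_ITERATIONS = 600_000  # 2023 OWASP minimum for PBKDF2 SHA256 cited on the page

# Constructed sample values, for illustration only.
SAMPLE_PASSWORD = b"correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def verify(candidate: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    return hmac.compare_digest(derive(candidate, salt, iterations), stored)


def seconds_per_guess(iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall-clock cost of one derivation on this machine."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive(SAMPLE_PASSWORD, SAMPLE_SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def guessing_cost_report(wordlist_size: int = 1_000_000) -> dict:
    """Estimate single-core time to test `wordlist_size` candidates per setting."""
    report = {}
    for label, count in (("old", OLD_ITERATIONS), ("new", NEW_ITERATIONS)):
        per_guess = seconds_per_guess(count)
        report[label] = {"iterations": count, "per_guess_s": per_guess,
                         "hours_for_wordlist": per_guess * wordlist_size / 3600}
    report["slowdown"] = report["new"]["per_guess_s"] / report["old"]["per_guess_s"]
    return report


if __name__ == "__main__":
    for key, value in guessing_cost_report().items():
        print(key, value)
```

The keys derived at the two settings differ, so a stored verifier has to be re-derived from the password when the iteration count is raised; it cannot be upgraded from the old hash alone.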