LastPass is encrypting URLs used with Password Vaults


LastPass, a widely used password manager trusted by millions of consumers and businesses globally, has announced an upgrade to its security measures, the encryption of URLs within its password vaults.

This development is part of LastPass’s ongoing mission to protect customer data while maintaining a seamless user experience.

The Evolution of URL Encryption

When LastPass was launched in 2008, the technology landscape was vastly different.

Decrypting URLs was a resource-intensive process that could slow down performance on low-powered PCs and mobile devices.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

To ensure a smooth user experience, LastPass opted not to encrypt URLs within its vaults.

Over the years, additional URL-matching functionalities, such as the equivalent domains feature, were built on this logic.

However, technological advancements have made it feasible to encrypt all URL-related fields without compromising performance.

Modern devices can efficiently handle the encryption and decryption processes, allowing LastPass to enhance security without affecting the user experience.

URLs can contain sensitive information about the nature of the accounts associated with stored credentials, such as banking, email, and social media accounts.

Encrypting these URLs is crucial for expanding LastPass’s zero-knowledge architecture, ensuring that even LastPass itself cannot access this information.

This enhancement significantly boosts customer privacy and mitigates risks by keeping URLs related to specific services or accounts private.

Implementing URL encryption required LastPass to re-engineer its system, refactoring nearly every client and back-end component.

This extensive overhaul underscores LastPass’s dedication to security and privacy.

What Users Can Expect

The rollout of URL encryption will occur in two phases. The first phase, expected to be completed in June, will begin in July.

During this phase, personal users and business admins will receive detailed instructions via email.

LastPass will automatically encrypt the primary URL fields of existing accounts and any new or edited accounts after the change.

Additionally, a duplicate and unneeded legacy URL field will be deleted.

The second phase, anticipated to be completed in the latter half of 2024, will focus on encrypting the remaining six URL-related fields stored in LastPass vaults.

Customers and admins will receive step-by-step instructions to complete the initial URL encryption upgrade and prepare for the encryption of all remaining URL fields.

Commitment to Security

URL encryption marks a significant milestone in LastPass’s ongoing efforts to strengthen its password management vault.

LastPass remains committed to innovation, security, privacy, and trust, recognizing that cybersecurity is a continuous journey.

For more information on LastPass’s commitment to security, users can refer to the recent addition to “What we have done to secure LastPass.

“This enhancement reflects LastPass’s dedication to providing a secure and user-friendly experience, ensuring that customer data remains protected in an ever-evolving digital landscape.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers



Source link