- Karim Toubba, CEO of LastPass, believes the company can still be trusted
- 2022 data breach seriously eroded customer trust
- Four years and millions of dollars later, can that trust be restored?
Karim Toubba, CEO of LastPass, says it may finally be time for customers to leave the past behind and trust the company again.
Before its infamous 2022 breach, LastPass was one of the best password managers on the market, touting cost-effective pricing and impressive security features.
However, a number of security breaches and a string of bad luck have made the LastPass brand a lesson in consumer trust – so what has it done to earn that trust back?
The LastPass lesson
Speaking to ZDNet, Toubba reinforced the same message he gave TechRadar three years ago: “We’ve made a multi-year, multi-million dollar investment, and we’ve gone beyond what is normally expected of a standard security program.”
LastPass’ changes include limiting employees to highly secure company-provided devices with strict controls on what apps can be downloaded and run by each employee. The company also decided to encrypt more of its stored data, including the same types of information that were stolen in the ’22 breach, such as billing addresses and email addresses.
Authentication also played an important role in protecting the company from a repeat incident. YubiKeys are now critical to preventing unauthorized access to hardware. That control would have prevented the attacker from using credentials obtained from a senior DevOps engineer’s home computer to access an internal vault containing the keys to the customer data backups that were stolen.
“I would say the new and improved LastPass, if you will, puts security at the very heart of what we do for the consumer,” Toubba added.
It could even be argued that LastPass is more secure because of the breach. The company learned from its failures and used the 2022 incident as “a forcing function to drive many changes,” as Toubba said, to address the failures that led to the breach.
If lightning were to strike twice, would LastPass see the same recovery it has over the past four years? Probably not, which is exactly why there is so much investment in making LastPass as secure as possible.




