LastPass is Reportedly Undergoing a Systemic Security Upgrade

LastPass is reportedly undergoing a systemic security upgrade in the wake of a major cyberattack that eventually had a huge impact on customer trust last year.


In an attempt to regain the trust of its users, LastPass has undergone a months-long security makeover. The password manager was the target of a cyberattack in August 2022, which turned out to be one of the most well-known breaches of the previous year.

However, some LastPass users still seem to lack confidence, even with some security updates completed and others in progress. The breach, which exposed a cloud-based backup of every customer vault record, has left lasting scars.

The company's plan for its cybersecurity makeover, which it initially revealed in March, encompasses a wide range of acronyms related to security tools. According to Karim Toubba, the chief executive officer of LastPass, this “systemic change” is essential for both the company’s long-term prospects and the safety of its clients.

All Cloud Infrastructure Now Has a Cloud Security Posture Management (CSPM) Layer Added

LastPass has added a cloud security posture management (CSPM) layer across all of its cloud infrastructure. The business also moved to an endpoint detection and response (EDR) system that it believed to be more efficient.

LastPass announced in an update last week that it had also made investments in the implementation of a secure access service edge (SASE) and enhanced logs and alarms in its security orchestration, automation, and response (SOAR) platform.

Nevertheless, it is uncertain how these initiatives will be received by enterprise clients. The architecture of LastPass’s infrastructure will determine the actual effect of these modifications, according to Allie Mellen, a lead analyst at Forrester.

Additional Security Upgrades, According to LastPass

These are technical updates that will be important to security experts and LastPass partners. But they probably won’t have much of an impact on customers other than letting them know that LastPass has improved security overall.

According to LastPass, the other security improvements include:

  • Switching to an alternative source code control system.
  • A new rule, now being implemented, that will eventually force all users to create master passwords that are longer and more complex.
  • Strengthened rotation of important components for Microsoft Azure AD and Okta.
  • An enhanced option for one-time password recovery.
  • An early implementation of FIDO2 hardware security keys.
  • A reset of security information and event management (SIEM) Splunk tokens, as well as the launch of a new SIEM integration that maintains access tokens in encrypted form.
  • Code-safety programs for SBOM and increased adherence to supply chain standards for software components.


