- LastPass CEO Karim Toubba believes the company can still be trusted
- 2022 data breach seriously eroded customer trust
- Four years and millions of dollars later, can that trust be restored?
LastPass CEO Karim Toubba says that it might finally be time for customers to let bygones be bygones and trust the company once again.
Before its infamous 2022 breach, LastPass was one of the best password managers around, touting cost effective pricing and impressive security features.
However, a number of security lapses and a string of bad luck turned the LastPass brand into a lesson in consumer trust – so what has it done to earn back that trust?
The LastPass Lesson
Speaking to ZDNet, Toubba reinforced the same message he told TechRadar three years ago, “We made a multi-year, multi-million-dollar investment, and we went beyond what would normally be expected of a standard security program.”
The changes LastPass have made include limiting employees to highly secure company-provided devices with strict controls over the apps that can be downloaded and run by each employee. The company also moved to encrypt more of its stored data, including the same types of information that was stolen in the breach of ‘22, such as billing addresses and email addresses.
Authentication has also played a serious role in shoring up the company against a repeat incident. YubiKeys are now central to preventing unauthorized access to hardware, which would have stopped the attacker from using the credentials obtained from a senior DevOps engineer’s personal computer to access an internal vault holding keys to the customer data backups that were stolen.
“I would say the new and improved LastPass, if you will, is one that puts security at the very heart of what we do for the consumer,” Toubba added.
The case could even be made that LastPass is more secure because of the breach. The company has learned from its failings and used the 2022 incident as “a forcing function to drive a lot of changes,” as Toubba put it, to address the failures that led to the breach.
If lightning were to strike twice, would LastPass make the same recovery it has made over the past four years? Likely no, which is exactly why there is so much investment in making LastPass secure as possible.
The best password manager for all budgets
