‘It's easier to tell them what hasn't changed in the last three to four years than what has’: LastPass CEO Karim Toubba on why it deserves your trust back after 2022 breach
Has LastPass done enough to earn back your trust?
- LastPass CEO Karim Toubba believes the company can still be trusted
- 2022 data breach seriously eroded customer trust
- Four years and millions of dollars later, can that trust be restored?
LastPass CEO Karim Toubba says that it might finally be time for customers to let bygones be bygones and trust the company once again.
Before its infamous 2022 breach, LastPass was one of the best password managers around, touting cost-effective pricing and impressive security features.
However, a number of security lapses and a string of bad luck turned the LastPass brand into a lesson in consumer trust - so what has it done to earn back that trust?
The LastPass Lesson
Speaking to ZDNet, Toubba reinforced the same message he told TechRadar three years ago, “We made a multi-year, multi-million-dollar investment, and we went beyond what would normally be expected of a standard security program.”
The changes LastPass has made include limiting employees to highly secure company-provided devices with strict controls over the apps that can be downloaded and run by each employee. The company also moved to encrypt more of its stored data, including the same types of information that were stolen in the breach of ‘22, such as billing addresses and email addresses.
Authentication has also played a serious role in shoring up the company against a repeat incident. YubiKeys are now central to preventing unauthorized access to hardware, which would have stopped the attacker from using the credentials obtained from a senior DevOps engineer’s personal computer to access an internal vault holding keys to the customer data backups that were stolen.
“I would say the new and improved LastPass, if you will, is one that puts security at the very heart of what we do for the consumer,” Toubba added.
The case could even be made that LastPass is more secure because of the breach. The company has learned from its failings and used the 2022 incident as “a forcing function to drive a lot of changes,” as Toubba put it, to address the failures that led to the breach.
If lightning were to strike twice, would LastPass make the same recovery it has made over the past four years? Likely not, which is exactly why there is so much investment in making LastPass as secure as possible.


Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.
Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.