‘It's easier to tell them what hasn't changed in the last three to four years than what has’: LastPass CEO Karim Toubba on why it deserves your trust back after 2022 breach


  • LastPass CEO Karim Toubba believes the company can still be trusted
  • 2022 data breach seriously eroded customer trust
  • Four years and millions of dollars later, can that trust be restored?

LastPass CEO Karim Toubba says that it might finally be time for customers to let bygones be bygones and trust the company once again.

Before its infamous 2022 breach, LastPass was one of the best password managers around, touting cost effective pricing and impressive security features.

However, a number of security lapses and a string of bad luck turned the LastPass brand into a lesson in consumer trust - so what has it done to earn back that trust?


The LastPass Lesson

Speaking to ZDNet, Toubba reinforced the same message he told TechRadar three years ago, “We made a multi-year, multi-million-dollar investment, and we went beyond what would normally be expected of a standard security program.”

The changes LastPass has made include limiting employees to highly secure company-provided devices with strict controls over the apps each employee can download and run. The company has also moved to encrypt more of its stored data, including the same types of information that were stolen in the 2022 breach, such as billing addresses and email addresses.

Authentication has also played a serious role in shoring up the company against a repeat incident. YubiKeys are now central to preventing unauthorized access to hardware, which would have stopped the attacker from using the credentials obtained from a senior DevOps engineer’s personal computer to access an internal vault holding keys to the customer data backups that were stolen.

“I would say the new and improved LastPass, if you will, is one that puts security at the very heart of what we do for the consumer,” Toubba added.

The case could even be made that LastPass is more secure because of the breach. The company has learned from its failings and used the 2022 incident as “a forcing function to drive a lot of changes,” as Toubba put it, to address the failures that led to the breach.

If lightning were to strike twice, would LastPass make the same recovery it has made over the past four years? Likely not, which is exactly why there is so much investment in making LastPass as secure as possible.

Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.
