- Karim Toubba, CEO of LastPass, believes the company can still be trusted
- 2022 data breach severely eroded customer trust
- Four years and millions of dollars later, can that trust be restored?
LastPass CEO Karim Toubba says it might finally be time for customers to let bygones be bygones and trust the company again.
Before its infamous 2022 breach, LastPass was one of the best password managers out there, touting cost-effective pricing and impressive security features.
However, a series of security flaws and a streak of bad luck turned the LastPass brand into a lesson in consumer trust. So what has the company done to regain that trust?
The LastPass lesson
Talking to ZDNet, Toubba reinforced the same message he told TechRadar three years ago: “We made a multi-million-dollar, multi-year investment and went above and beyond what would normally be expected from a standard security program.”
The changes LastPass has made include limiting employees to highly secure company-issued devices with strict controls on which apps each employee can download and run. The company also took steps to encrypt more stored data, including the same type of information that was stolen in the ’22 breach, such as billing addresses and email addresses.
Authentication has also played an important role in protecting the company against a repeat incident. YubiKeys are now critical to preventing unauthorized access to hardware, a control that would have prevented the attacker from using credentials obtained from a senior DevOps engineer’s personal computer to access an internal vault containing keys to stolen backups of customer data.
“I would say the new and improved LastPass, so to speak, puts security at the center of what we do for the consumer,” Toubba added.
One could even argue that LastPass is more secure because of the breach. The company learned from its failures and used the 2022 incident as “a forced feature to drive a lot of changes,” as Toubba said, to address the failures that led to the breach.
If lightning struck twice, would LastPass recover the same way it has over the past four years? Probably not, which is exactly why so much investment has been put into making LastPass as secure as possible.