- LastPass CEO Karim Toubba believes the company can still be trusted
- Data breaches in 2022 seriously eroded customer trust
- Four years and millions of dollars later, can that trust be restored?
LastPass CEO Karim Toubba says it may finally be time for customers to let bygones be bygones and trust the company again.
Before the infamous breach in 2022, LastPass was one of the best password managers out there, touting cost-effective pricing and impressive security features.
But a series of security lapses and mishaps made the LastPass brand a lesson in consumer trust — so what has it done to earn that trust back?
The LastPass lesson
Speaking to ZDNet, Toubba reinforced the same message he told TechRadar three years ago, “We made a multi-year, multi-million dollar investment and we went above and beyond what would normally be expected of a standard security program.”
The changes LastPass has made include restricting employees to highly secure company-issued devices with strict controls over the apps that can be downloaded and run by each employee. The company also moved to encrypt more of its stored data, including the same types of information stolen in the ’22 breach, such as billing addresses and email addresses.
Authentication has also played a serious role in protecting the business against a repeat incident. YubiKeys are now central to preventing unauthorized access to hardware, a control that would have prevented the attacker from using credentials from a senior DevOps engineer’s personal computer to access an internal keybox for the customer data backups that were stolen.
“I would say the new and improved LastPass, if you will, is one that puts security at the heart of what we do for the consumer,” Toubba added.
It could even be argued that LastPass is more secure because of the breach. The company has learned from its mistakes and used the 2022 incident as “a compelling function to drive a lot of changes,” as Toubba put it, to address the mistakes that led to the breach.
If lightning were to strike twice, would LastPass make the same recovery it has over the past four years? Probably not, which is exactly why so much is invested in making LastPass as secure as possible.



