LastPass now encrypts URLs in password vaults
LastPass has announced it will encrypt URLs stored in users’ vaults. In doing so the company will improve the privacy of users and enhance the protection against data breaches and unauthorized access.
LastPass is a popular password manager used by millions around the world. Everytime a user visits a website, LastPass checks if it matches against entries he saved in his password vault. If a match is made, LastPass automatically logs in, using the saved username and password for that site. URLs have always been saved unencrypted in a user’s vault. That’s simply because decryption was a computationally and memory intensive action back in 2008, when LastPass first introduced this technology. That resulted in a slow and sluggish user experience. To maximize performance, LastPass decided not to encrypt URLs in vaults. Nowadays PCs, smartphones and other mobile devices are more powerful. The limitations and constraints that existed back then are a thing of the past. That is why LastPass has decided to encrypt all URL-related fields in users’ password vaults.
URL encryption on the way
LastPass says this is done to boost user security and privacy, and to comply with the company’s zero-knowledge architecture. “Adding URL encryption required us to re-engineer LastPass to refactor the way nearly every client and back-end component works. That kind of change does not happen overnight, but we have made significant progress, and we are excited to begin delivering URL encryption, which will require some action on the part of our customers in order to take effect”, LastPass says. URL encryption will be implemented in two phases. During the first phase, which is expected to rollout in July, LastPass will begin automatically encrypting the primary URL-fields stored in the vaults. The follow-up phase focuses on automatically encrypting the remaining six URL-related fields stored in LastPass vaults. The password manager expects to complete this phase sometime during the second half of 2024. Both personal users and business administrators will receive step-by-step instructions how to complete the initial URL encryption upgrade in the coming months. LastPass will also inform them how to prepare for encryption of the remaining URL fields.
Your email address will not be published. Required fields are marked