LastPass - What Cyberattacks Does LastPass Help Protect Me From?

LastPass can be used to help prevent credential theft

LastPass (and other similar password managers) help protect phishing and credential stuffing attacks.

Phishing

LastPass includes URL (website address) matching for stored sites. Phishing attempts often include links to spoofed URLs that look almost identical to the websites they’re trying to impersonate. LastPass will not autofill your credentials if the linked URL does not match the URL of the website stored in your Vault. 


Therefore, if LastPass does not autofill your credentials when you click on a link to a stored website, take a moment to review the URL. If the URL does not match the URL stored in your vault, report the suspected phishing attempt as per the instructions in the Phishing Detection and Remediation KB article.

Credential Stuffing

Credential stuffing is an automated brute-forcing attack using lists of known username/email and password pairs to attempt to gain access to user accounts.


LastPass can help mitigate the risk of credential stuffing attacks through its ability to monitor password strength and reuse. This information is communicated to LastPass users through the LastPass Security Challenge.


Users who are using weak passwords and/or reusing passwords can use LastPass to generate strong, unique passwords for each of their stored accounts. LastPass can help users manually change passwords or it can change some passwords automatically, making it even easier to reduce users’ instances of weak/reused passwords.   

Related KB Articles

For more information about the secureness of LastPass refer to “How Safe is LastPass Enterprise?


For advice about creating better passwords, refer to “How to Create Strong and Memorable Passwords?


For more information about adding passwords to LastPass, refer to “How Do I Add a Password or a Secret to LastPass?


For more information about using LastPass to change passwords, refer to “How Do I Change a Site Password in LastPass?