There are a couple of safeguards in place to prevent a remote attacker from getting into a LastPass account. If someone tries to log into your LastPass account from a remote device, the service will not recognize them and will send you an email to verify their identity before they can log in. So an attacker would likely need access to both your LastPass password and your email authentication information in order to get into your LastPass account. You can (and should) also set up two-factor authentication for LastPass to make it even harder for attackers to get in.

If you prefer to keep your data local rather than in the cloud, consider KeePass instead.

Written by

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store