Is LastPass safe in 2025? An honest assessment after the 2022 breach

📅 Updated on April 7, 2026

LastPass in 2025: can it be trusted after the 2022 disaster?

The LastPass breach of 2022 remains one of the most significant security incidents in password manager history. Attackers gained access to backup copies of customer vault data. For users with weak master passwords, those encrypted vaults could be decrypted through brute force attacks. Real-world damage has been documented: cryptocurrency wallet drains, account takeovers, and financial losses traced back to compromised LastPass data.

The question in 2025 is whether LastPass has meaningfully improved, and whether it can be trusted again.

What LastPass changed after the breach

LastPass increased default PBKDF2 iterations from 100,100 to 600,000, aligning with NIST recommendations. They separated authentication and storage infrastructure. They brought in new security leadership. They published detailed post-mortem reports and regular security updates.

These changes are real and meaningful. The infrastructure that was compromised in 2022 has been rebuilt with better isolation between components.

What LastPass cannot undo

The vault data already stolen cannot be retrieved. If your vault was among those taken in the 2022 breach, it is in attackers’ hands. The question is whether your master password was strong enough to resist brute force attacks that have now been running for three years. For users with weak master passwords (under 16 characters, using dictionary words), those vaults may already be cracked.
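The two paragraphs above turn on one quantity: how much work an attacker holding a stolen vault must do per master-password guess, and how many guesses a given master password forces. The following script is an added example (not code from the article, and not LastPass's own implementation) that derives a vault key with PBKDF2-HMAC-SHA256 at the old and new LastPass iteration counts named above, shows that the cost per guess scales linearly with the iteration count, and estimates the time to exhaust a password space for a given entropy. The salt, the test password and the attacker guess rate are constructed values; the only real figures are the two iteration counts taken from the text.

```python
import hashlib
import math
import time

# Constructed sample values for the illustration; not taken from any real vault.
SAMPLE_SALT = b"constructed-salt"   # 16 bytes, constructed
OLD_ITERATIONS = 100_100            # LastPass default before the breach (per the article)
NEW_ITERATIONS = 600_000            # LastPass default after the breach (per the article)


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 turns the master password into the 256-bit key protecting the vault.
    An attacker holding a stolen vault must repeat exactly this computation for every guess."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def cost_multiplier(old_iterations: int, new_iterations: int) -> float:
    """PBKDF2 work is linear in the iteration count, so raising it slows every guess by this factor."""
    return new_iterations / old_iterations


def seconds_per_guess(master_password: str, iterations: int) -> float:
    """Wall-clock time of one derivation on this machine. Attacker hardware is far faster,
    so use this only to compare iteration counts against each other, not as an absolute."""
    start = time.perf_counter()
    derive_vault_key(master_password, SAMPLE_SALT, iterations)
    return time.perf_counter() - start


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password of the given length over the given alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Time to try every password in a space of 2**entropy_bits at the given guess rate."""
    return (2 ** entropy_bits) / guesses_per_second / (365 * 24 * 3600)


def compare_scenarios(alphabet_size: int, length: int, guesses_per_second_old: float) -> dict:
    """guesses_per_second_old is an assumed attacker rate at OLD_ITERATIONS; the rate at
    NEW_ITERATIONS follows from the linear cost model above."""
    bits = password_entropy_bits(alphabet_size, length)
    rate_new = guesses_per_second_old / cost_multiplier(OLD_ITERATIONS, NEW_ITERATIONS)
    return {
        "entropy_bits": bits,
        "years_at_old_iterations": years_to_exhaust(bits, guesses_per_second_old),
        "years_at_new_iterations": years_to_exhaust(bits, rate_new),
    }


if __name__ == "__main__":
    for its in (OLD_ITERATIONS, NEW_ITERATIONS):
        print(f"{its:>7} iterations: {seconds_per_guess('correct horse battery', its):.3f} s per guess here")
    # Assumed attacker rate of 10,000 guesses/s at the old setting: a constructed figure for illustration.
    # 72 is the size of a mixed-case alphanumeric alphabet with ten symbols.
    for length in (8, 12, 16):
        print(f"length {length}:", compare_scenarios(72, length, 10_000.0))
```

The takeaway matches the article's numbers: moving from 100,100 to 600,000 iterations makes each guess roughly six times more expensive, which helps every user a little, but a 16-character random password adds tens of bits of entropy, which helps by factors of billions. The iteration count is a speed bump; the master password is the wall.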

The reputational damage has also driven millions of users away, reducing the community of security researchers actively scrutinizing LastPass code and practices.

The honest recommendation

If you were a LastPass user in 2022, you should have already changed the passwords for your most sensitive accounts: banking, email, work systems. If you haven’t, do it now regardless of whether you are still on LastPass.

For new users in 2025, there is no rational argument to choose LastPass over Bitwarden or 1Password. Bitwarden is open source, has never had a significant breach, and costs less. 1Password uses an architecture (Secret Key) that makes the 2022-style breach scenario structurally impossible.
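The "Secret Key" point above is worth seeing concretely. The script below is an added example, not code from the article and not 1Password's implementation: it is a simplified model of the two-secret idea, in which the vault key is derived from both a master password and a random 128-bit key that is never sent to the server. The salt, the sample secret key and the weak password are constructed values; `secret_key_component` uses a plain HMAC as a stand-in for a real key-expansion step. The demo shows why a stolen vault plus a correct password guess is enough under a password-only scheme but not under the two-secret scheme.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the illustration only.
SAMPLE_SALT = b"constructed-salt"
SAMPLE_SECRET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit key
DEFAULT_ITERATIONS = 600_000  # matches the article's post-breach figure; the demo lowers it for speed


def generate_secret_key() -> bytes:
    """A fresh 128-bit secret key, generated on the user's device and never stored server-side."""
    return secrets.token_bytes(16)


def password_component(master_password: str, salt: bytes, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """The slow, password-derived half (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def secret_key_component(secret_key: bytes, salt: bytes) -> bytes:
    """Expand the high-entropy secret key to 256 bits (HMAC here as a stand-in for HKDF)."""
    return hmac.new(secret_key, salt, hashlib.sha256).digest()


def derive_two_secret_key(master_password: str, secret_key: bytes, salt: bytes,
                          iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """XOR the two halves: the result is unpredictable unless BOTH inputs are known."""
    pw = password_component(master_password, salt, iterations)
    sk = secret_key_component(secret_key, salt)
    return bytes(a ^ b for a, b in zip(pw, sk))


def make_verifier(vault_key: bytes) -> bytes:
    """Models what a stolen vault lets an attacker test guesses against: a MAC under the vault key."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def guess_matches(verifier: bytes, candidate_key: bytes) -> bool:
    return hmac.compare_digest(verifier, make_verifier(candidate_key))


def effective_search_bits(password_bits: float, secret_key_bits: int = 128) -> float:
    """Offline search space: password entropy alone vs. password entropy plus the secret key."""
    return password_bits + secret_key_bits


def demo(iterations: int = 2_000) -> dict:
    """Compare the two schemes against a weak (constructed) master password."""
    weak_password = "password1"

    # Scheme A: password only. The stolen vault's verifier can be checked with the password alone.
    verifier_a = make_verifier(password_component(weak_password, SAMPLE_SALT, iterations))
    password_only_guess_verifies = guess_matches(
        verifier_a, password_component(weak_password, SAMPLE_SALT, iterations))

    # Scheme B: password + secret key. The attacker has the vault and even the right password,
    # but not the device-held secret key (modelled as an all-zero guess for the missing key).
    verifier_b = make_verifier(derive_two_secret_key(weak_password, SAMPLE_SECRET_KEY, SAMPLE_SALT, iterations))
    two_secret_without_key = guess_matches(
        verifier_b, derive_two_secret_key(weak_password, bytes(16), SAMPLE_SALT, iterations))
    two_secret_with_key = guess_matches(
        verifier_b, derive_two_secret_key(weak_password, SAMPLE_SECRET_KEY, SAMPLE_SALT, iterations))

    return {
        "password_only_guess_verifies": password_only_guess_verifies,
        "two_secret_without_key": two_secret_without_key,
        "two_secret_with_key": two_secret_with_key,
    }


if __name__ == "__main__":
    print(demo())
    print("search bits, 30-bit password:", effective_search_bits(30), "vs password-only:", 30)
```

Under scheme A the weak password is the whole secret, so the stolen vault is fully attackable offline. Under scheme B a stolen vault on its own is missing 128 bits of key material, which is why the article calls the 2022-style scenario structurally impossible for this design: brute force against the password alone has nothing to verify guesses against. The trade-off is that losing the secret key locks the legitimate user out too, so it must be backed up.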

LastPass remains a functioning product with improved security practices. It is not the outright dangerous choice some portray it as post-2022. But it carries reputational and residual risk that its competitors don’t.

Was my LastPass data compromised in the 2022 breach?

LastPass confirmed that backup copies of customer vault data were stolen in the 2022 breach. If you had a LastPass account in 2022, your encrypted vault data was likely among those taken. Your actual passwords remain protected as long as your master password is strong enough to resist brute force attacks.

About the author

Camille Duval

Tech journalist and digital privacy specialist

Camille Duval has been a tech journalist specialising in digital privacy for 8 years. A former editor at Numerama, she unpacks personal data protection issues with an accessible and critical eye on everyday tools.
