LastPass introduces URL encryption in its password vaults. With encrypted URLs, LastPass believes it can curtail the severity of possible data breaches or unauthorized accesses.
LastPass URL Encryption Aims At Enhanced Security
Saving URLs in password vaults has long been a LastPass practice, helping users auto-fill passwords on the respective sites. However, considering the potential security risks associated with visible URLs, LastPass has now decided to implement URL encryption in its password vaults.
As explained in its post, site URLs expose much information about the “nature of accounts” for which the user has saved the passwords. For instance, “facebook.com” clearly reveals that the stored password is for the Facebook profile. Likewise, a banking site’s URL hints at the treasure trove hidden behind the stored password. Therefore, encrypting URLs can significantly preserve users’ privacy by hiding the exact nature of the account corresponding to a saved password.
LastPass further elaborated that encrypting URLs was not possible earlier because of technological constraints. Since decryption was “computationally and memory intensive,” it would adversely affect the systems’ hardware performance. However, such constraints no longer exist; hence, LastPass deemed it right to implement URL encryption. This move also strengthens LastPass’ zero-knowledge architecture while protecting the users’ privacy.
Regarding the feature rollout, LastPass explained that it’ll happen in two phases. In phase 1, LastPass personal and Business users will receive emails regarding the feature as the service rolls out automatic URL encryption for the primary URL fields. LastPass intends to complete this phase by June, ensuring a complete rollout in July. This will be followed by phase 2, which will be completed later this year, in which the service will encrypt the remaining URL fields.
For now, this feature requires no action from the users, but the service will provide step-by-step instructions and guidelines for URL encryption in the future.