News

About the Change 

LastPass has announced it will enhance its security by encrypting URLs stored in user vaults. URLs were not previously encrypted to optimize performance and user experience; however, with advancements in technology, LastPass can now safely encrypt these URLs without affecting performance. 

Encrypting URLs will protect sensitive account details that could be inferred from these URLs, such as banking or social media information. This change will bolster LastPass's zero-knowledge architecture and enhance overall privacy for users. 

The update will be rolled out in two phases. The first phase, starting in August or September 2024, will focus on encrypting primary URL fields in existing and new vault entries, and removing a redundant legacy URL field. The second phase, expected later in 2024, will address the remaining six URL-related fields. 

What You Need to Do 

User action is required for this upgrade, as LastPass Support cannot force the privacy upgrade to be manually applied to your account. In the coming weeks, you will receive detailed instructions from LastPass via email outlining the steps to complete the initial URL encryption upgrade and prepare for the encryption of additional URL fields later this year. Once the privacy enhancement for the initial upgrade becomes available for your LastPass account, you will be prompted in your vault to select Encrypt URLs now to start the URL encryption process for existing URLs in your vault items. This process needs to be completed only once and should take just minutes.  

For more information, you can refer to the detailed resources provided by LastPass. Users should contact MIT’s Service Desk with any questions by sending a note to servicedesk@mit.edu or calling 617-253-1101.