SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Office worker laptop cloud apps ai icons secure access shield
#
Encryption
#
MFA
#
Cloud Security

LastPass unveils browser-based Secure Access Essentials

Wed, 11th Mar 2026
Author image
By Mark Tarre, News Chief

LastPass has outlined a broader product direction that extends beyond password management with Secure Access Essentials, a package focused on browser-based access to applications, software-as-a-service tools and emerging workplace AI services.

It framed the move as a response to growing app sprawl and the rise of unsanctioned tools in day-to-day work. Many employees now log into dozens of services each day, much of it through a browser without consistent security controls.

Browser focus

Secure Access Essentials centres on a browser extension, aiming to reduce reliance on additional infrastructure and separate software deployments. The model is intended to appeal to small and mid-sized businesses with lean IT teams, as well as individuals and families.

The direction also reflects rapid adoption of workplace AI tools. LastPass cited a Cybernews study that found 59% of employees use AI tools their employer has not approved. It also pointed to a finding that 80% of leaders list data leakage as a top concern, linking this to the risks created by unsanctioned SaaS and AI use.

LastPass also cited a global average data breach cost of $10.22 million. It said attackers have shifted tactics and browser-based threats have increased, strengthening the case for security controls at the browser layer.

Business features

For business users, Secure Access Essentials groups three areas of functionality: discovery of unmanaged apps and AI tools, access control, and sign-in security.

For discovery, IT teams can gain visibility into unapproved applications and AI tools used across an organisation, with the aim of identifying risk earlier-before it becomes an incident.

For access control, administrators can define and enforce who has access to specific tools, with support for auditing access.

For sign-ins, the package combines password management, single sign-on and multi-factor authentication, and integrates with identity providers commonly used as a central directory and authentication layer.

Consumer scope

For individuals and families, Secure Access Essentials covers password storage and autofill across devices and platforms, with built-in multi-factor authentication and an emphasis on reducing friction in daily logins.

The consumer package also includes dark web monitoring, scanning for compromised credentials and alerting users when personal or family data appears in known breaches.

Deployment pitch

LastPass described the approach as designed for teams without dedicated security staff. Administrators can deploy the browser extension across an organisation quickly and manage onboarding and offboarding with limited overhead. It also pitched the product as suitable for organisations with no IT staff, via a self-service set-up.

"In a world where businesses and people rely on more apps and AI tools than ever before, securing access has become both essential and even more complicated," said Don MacLennan, chief product officer at LastPass.

"Customers tell us they need security that gives them control without slowing anyone down. Secure Access Essentials delivers exactly that: simple, foundational access protection that can help keep every user, every app, and every AI tool secure, all from the place people already work - the browser. Our mission is to make trusted access possible for every organization without added complexity or cost."

Security backdrop

LastPass also addressed its security posture after a period of scrutiny of the password management sector. Over the past three years, it said it has made a multi-year, multi-million-dollar investment to rebuild its security foundation, updating internal processes and technology. It listed ISO 27001 and SOC2 certifications among its standards.

It also said it has rolled out hardware authentication for employees and set up public Trust and Compliance Centres for system monitoring and access to certifications. The company said it operates a dedicated Threat Intelligence, Mitigation and Escalations team.

On encryption, LastPass said it has upgraded its implementation to 600,000 PBKDF2 SHA256 iterations and introduced passkey support.

Industry event

LastPass plans to discuss Secure Access Essentials at the RSA Conference 2026, where it said it will demonstrate how organisations can secure access to applications, AI tools and credentials through the browser extension and its management controls.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack