How is Emergency Access secure?

LastPass uses public-private key cryptography with RSA-2048 to allow users to share the key to their vault with trusted parties, without ever passing that information in an un-encrypted format to LastPass. When Emergency Access is activated, each user has a pair of cryptographic keys and a public key to allow others to encrypt data for the user, and a private key that allows the user to decrypt the data that others have encrypted for them.

The key used to encrypt and decrypt your LastPass Vault data is encrypted with the Emergency Access contact's public key, and can be decrypted only with their corresponding private key. When setting up Emergency Access, you are using the recipient's public key, encrypting your LastPass Vault key with that public key, and then LastPass stores that RSA-2048 encrypted data until it's released (after the waiting period you specify). Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you're sharing it with, which is encrypted with their Master Password key. This process is completely automated, with no action required by the end user, and ensures that the data is inaccessible by LastPass or outside parties.