In a bid to enhance user security, LastPass has announced a significant update requiring all users to set a minimum 12-character master password for their accounts While the 12-character master password has been the default setting since 2018, users previously had the option to use a weaker alternative. The latest move will enforce the 12-character requirement for all accounts, including older ones.
Additionally, LastPass is implementing a new measure to check new or updated master passwords against a database of credentials leaked on the dark web. This approach will prevent the use of compromised passwords and will alert users with a security warning pop-up if a match is found. Users are then prompted to select an alternative password to thwart potential cracking attempts.
Read: Top reasons you should start using a Password Manager
LastPass began a forced multi-factor authentication (MFA) re-enrollment process in May 2023. It resulted in some users encountering login issues and being temporarily locked out of their accounts.
These security enhancements come in response to two security breaches disclosed by LastPass in August and November 2022. The breaches exposed the company’s developer environment and led to the theft of source code, technical information, and customer vault data. In October 2023, hackers exploited the stolen LastPass databases to steal $4.4 million worth of cryptocurrency from multiple victims.
LastPass is one of the most popular password managers with over 33 million individual users and 100K business users. The company aims to reinforce its commitment to user security with these proactive measures. The company is now taking additional steps to protect user accounts.
Also see: Best Free Alternative to LastPass
