LastPass has recently implemented stricter password measures in response to recent security incidents. This includes requiring users to set a master password of at least 12 characters [1], aligning with best practices recommended by the National Institute of Standards and Technology [3]. Additionally, LastPass has enhanced other security settings and implemented a process to check passwords against a database of credential breaches.
Description
As part of their efforts to enhance account security, LastPass now requires users to set a master password of at least 12 characters [1]. This change aligns with the best practices recommended by the National Institute of Standards and Technology [3]. Previously, customers had the option to create a master password with fewer characters [3], but now those with a password fewer than 12 characters will be prompted to reset their master password [3].
In addition to the stricter password requirements, LastPass has also updated other security settings [2]. They have implemented a process to check new or reset master passwords against a database of credential breaches. This allows LastPass to alert users if their password matches any compromised credentials.
Conclusion
LastPass acknowledges their shortcomings in responding to recent security incidents and aims to improve communication with customers [1]. These stricter password measures and enhanced security settings are crucial steps towards ensuring the safety of user accounts. By aligning with best practices and implementing checks against compromised credentials, LastPass is taking proactive measures to protect user information. This commitment to security will help mitigate the risk of unauthorized access and enhance overall account security.
References
[1] https://www.itpro.com/security/lastpass-is-getting-stricter-on-master-passwords-in-the-wake-of-a-disastrous-2022-security-breach
[2] https://www.theverge.com/2024/1/3/24024012/lastpass-master-password-12-character-minimum-requirement-data-breach
[3] https://www.scmagazine.com/news/lastpass-to-enforce-a-12-character-requirement-for-master-passwords
