X
search

LastPass starts enforcing 12-character master password for all users

Pictured: Viraj Gawde
By Viraj Gawde
January 07, 2024
Featured image for LastPass starts enforcing 12-character master password for all users

LastPass has started enforcing a 12-character minimum master password. The company is also carrying out additional measures to bolster its security against emerging threats. Previously, users could choose a weaker password despite the recommendation for a longer one. The new policy will hopefully put an end to the security breach woes that the password manager application suffered in 2022. To make matters worse, Cybersecurity experts claimed that the security lapses led to a wave of crypto thefts.

LastPass now requires mandatory 12-character master password

LastPass in a blog post revealed that since April 2023, all new users and existing users who took steps to reset their master password were required to follow the 12-character limit. However, this change did not affect legacy customers who continued using a shorter and weaker master password. For the uninitiated, the master password is the one that secures the LastPass account. All stored credentials likely get exposed if the account gets hacked. Still, the company claimed that as long as customers followed ‘best practices’ irrespective of the password strength, their data would remain secure.

Advertisement
Advertisement

Now, all master passwords on LastPass must be 12 characters or more which will remain the default setting. The master password must include uppercase, lowercase, numeric, and special characters, as is generally required for passwords nowadays.

New master password requirement is now rolling out

LastPass says that the new master password policy is rolling out in a phased manner. Free, Premium, and Family accounts are being notified first via email starting January 8. Business and Teams customers will have to comply towards the end of January 2024. Users with a 12-character login don’t need to make any changes and are good to go. Everybody else will have to create a longer master password. User accounts that don’t comply with the new policy will be logged out and asked to set a new password.

LastPass will also cross-check passwords on Dark Web

In addition to the updated longer password, starting next month, LastPass will begin checking new or reset master passwords against a database of known breached credentials on the dark web. If the chosen credential has already been exposed, the password manager will issue a security warning pop-up alerting the user to select another code.