June 17, 2024

In the wake of a devastating data breach, LastPass is forcing all customers to upgrade their master passwords to include at least 12 characters.

LastPass experienced a data breach last year that went from bad to worse as more details emerged. The company is eager to improve security in the wake of the incident, and is forcing users to upgrade their passwords as part of that effort. Mike Kosak, Senior Principal Intelligence Analyst, outlined the company’s new policy.

You may have noticed that lately we’ve been asking our customers to make some changes to their LastPass accounts. These changes include requiring customers to update their master password length and complexity to meet recommended best practices and prompting customers to re-enroll their multi-factor authentication (MFA), among others. All of these changes are intended to help make our customers more secure, and we want to share additional context about the evolving cyber threat environment that’s driving these requests so customers can better understand WHY these changes are necessary. To do this, we’ll address some of these recent changes, and explain what threats are driving them, and how these updates are designed to help.

Kosak emphasized that the 12-character password policy already existed, but is now mandatory.

LastPass’ new master password length requirement is just one part of a progressive set of initiatives designed to help our customers better protect themselves from current and emerging cyber threats. Historically, while a 12-character master password has been LastPass’ default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so. By now enforcing a minimum 12-character master password requirement, along with the PBKDF2 iteration increases we delivered earlier this year, we’re proactively helping our customers create stronger and more resilient encryption keys for accessing and encrypting their LastPass vault data.

The move is a welcome one, and will hopefully help LastPass subscribers keep their sensitive data secure.