Passkeys might be the future of passwords, as they make your accounts both more secure and more convenient by giving each account a unique credential that is saved and synchronized automatically. But while we’re still getting there, we need to keep using our passwords. LastPass, which recently became quite infamous because of a catastrophic security breach, is now enforcing longer master passwords on its users.
LastPass has recently announced a series of changes meant to enhance user security, urging customers to increase the length and complexity of their master password, re-enroll in multi-factor authentication (MFA), and adhere to new security measures. For context, the National Institute of Standards and Technology (NIST) recommends a minimum of 8 characters for human-generated passwords; LastPass now enforces a 12-character minimum to bolster resilience against emerging threats. Existing customers are being prompted to update their master passwords to meet the new requirement. LastPass already recommended a 12-character minimum, but shorter master passwords were still accepted. Now the minimum is mandatory.
LastPass also plans to cross-check new passwords against a database of known breached credentials circulating on the Dark Web, issuing a security warning whenever a password turns out to be exposed. Additionally, users are being prompted to re-enroll in multi-factor authentication (MFA), with efforts to streamline the process for non-federated Business customers. The phased rollout of these measures starts with email notifications to Free, Premium, and Families customers, followed by Teams and Business customers. The company recommends users set up account recovery before changing their master password.
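To make the two policy checks above concrete, here is an added example (not LastPass’s own code; the article does not describe how LastPass implements its breach lookup). It enforces the 12-character minimum and performs a k-anonymity style breach check, the pattern used by Have I Been Pwned’s Pwned Passwords API, against a small constructed corpus so it runs offline; `range_lookup`, `is_breached` and `check_master_password` are names chosen for this example.

```python
import hashlib

MIN_LENGTH = 12  # the newly mandatory master-password minimum

# Constructed stand-in for a breach corpus (not real breach data and not
# LastPass's database). In a real deployment this lives behind a service
# that only ever sees a 5-character hash prefix, never the password.
_CONSTRUCTED_BREACH_CORPUS = {
    "password1234",
    "correcthorsebatterystaple",
    "letmein12345",
}


def _sha1_hex(text: str) -> str:
    """SHA-1 of the password, upper-case hex, as the k-anonymity scheme expects."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> list[str]:
    """Simulate the server side of a k-anonymity range query.

    The client sends only the first 5 hex characters of the SHA-1 and gets
    back the suffixes of every breached hash sharing that prefix, so the
    server cannot tell which password was actually being checked.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    hashes = (_sha1_hex(pw) for pw in _CONSTRUCTED_BREACH_CORPUS)
    return sorted(h[5:] for h in hashes if h.startswith(prefix))


def is_breached(password: str) -> bool:
    """Client side: hash locally, query by prefix, compare suffixes locally."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def check_master_password(password: str) -> list[str]:
    """Return every policy violation; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    return problems
```

Both checks are reported together so a user who picks a long but leaked password is still warned, which is the case the breach cross-check exists for.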
Of course, this is an effort by LastPass not only to safeguard the users who haven’t left the app yet, but also to win back trust after the security breach. As a reminder, the breach caused millions in monetary losses, as it was recently discovered that hackers managed to bust open some password vaults despite LastPass assuring users that their passwords were safe because they were encrypted.
We’ll have to see whether these new measures, or any implemented from this point onward, are enough to assuage (very justified) user concerns. We still don’t recommend reinstalling the app just yet, as it will probably take much more than this to make it safe to use again.
Source: LastPass