LastPass, the popular password manager, is getting a new security upgrade that makes it harder for hackers to obtain your password.
Now, passwords will have a minimum of 12 characters (previously 8). While the current default is already 12, preexisting LastPass users weren’t required to update their passwords to meet the 1-character minimum.
Customers who are using the old shorter password system will be required to update their passwords once LastPass finishes rolling out the new update. LastPass Free, Premium, and Families accounts will receive the update first, while Business users will have to wait just a bit longer. The company also stated that it plans on looking into potential master password resets for breached accounts.
Over the last few years, LastPass was victim to several major data breaches, which put the master passwords of some users at risk. Even though the company told its users that as long as they followed smart safety practices their passwords would be safe, the data breach exposed millions of users.
After more than a year, LastPass seems to finally be addressing its major security concerns.
“LastPass’s new master password length requirement is just one part of a progressive set of initiatives designed to help our customers better protect themselves from current and emerging cyber threats,” writes the company in a blog post. “By now enforcing a minimum 12-character master password requirement, along with the PBKDF2 iteration increases we delivered earlier in 2023, we are proactively helping our customers create stronger and more resilient encryption keys.”
If you’re a current LastPass user, it’s recommended to regularly update your master password — it’s encouraged to preemptively make your password at least 12 characters.”