LastPass is forcing all users to change their master passwords to at least 12 characters, possibly in response to a 2022 hack at the company.
LastPass on Thursday sent an email to users about the new requirement. “All master passwords must meet a 12-character minimum. If your master password is less than 12 characters, you will be required to update it,” the message says.
The email adds that LastPass is “committed to meeting the latest industry security standards and best practices” by instituting the new requirement. A spokesperson for LastPass adds “that this is not in response to a new threat or incident.”
The company plans on issuing a more detailed statement. Nevertheless, LastPass may also be reacting to a recent report about last year’s massive breach, which involved a hacker looting the password vaults for all users. Although the stolen vaults were encrypted, you can still break into them — if you can correctly guess the master password for each vault.
That’s what might be happening to some victims of the LastPass breach. According to journalist Brian Krebs, security researchers suspect crooks have been cracking the master passwords from the vaults, giving them access to login information for cryptocurrency wallets.
With the help of automated software, cracking a password becomes significantly easier the fewer characters it has. In LastPass’s case, the company began requiring new users to make their master passwords at least 12 characters long in 2018. But it neglected to institute the requirement for existing users, according to Krebs. In addition, LastPass may have failed to run the master passwords through enough rounds of encryption to prevent potential password cracking.
Hackers seem
Read more on pcmag.com