After introducing the requirement as an optional security feature for some time, LastPass has now enforced 12-character master password as a mandatory requirement. While it previously applied to new users, this requirement now applies to the existing users as well.
LastPass Mandates 12-character Master Password
As announced via a recent blog post, the popular password manager LastPass has introduced several changes to its users’ accounts. The most important change includes the necessary 12-character limit for setting up the master password.
As stated, while the National Institute of Standards and Technology (NIST) guidelines mention an 8-character minimum limit for a human-generated password, LastPass applied a 12-character limit for better security. Explaining this update, Mike Kosak, Senior Principal Intelligence Analyst at LastPass, highlighted the rising password breaches and contemporary password cracking techniques as the prime reason behind the recent requirement.
This isn’t an entirely new update since LastPass first implemented this feature in 2018 as the default setting. But it still allowed users to ignore this requirement.
However, given the rising cybersecurity threats, the existing LastPass users also have to update their master password now. The service started rolling out this change in April 2023 to the new and existing users attempting to reset their master passwords. And now, starting January 2024, all LastPass users must update their master passwords to meet the minimum 12-character limit.
While using 12 characters is the minimum requirement, LastPass recommends using more than 12 as best practices.
Other Major LastPass Updates
Besides implementing the new character limit for master passwords, LastPass has also introduced two noteworthy feature upgrades to the tool.
The first includes a dark web cross-checking feature that allows the tool to recheck all master passwords against a known database of breached credentials. This way, it will help the users in setting up strong master passwords.
The other feature update includes multi-factor authentication (MFA) re-enrollment, protecting users from potential threats due to “prior exposure of the LastPass MFA/Federation database backup.”
Let us know your thoughts in the comments.