As many will surely remember, during 2022 the popular password management platform LastPass she was the victim of a hacker attack which led to the access of sensitive user data. Approximately two years after the serious episode, the company that manages the service announced new measures to protect as best as possible the data of those who use it. In fact, users are now asked to set an even stronger main password (the login one)..
LastPass: Master password must now be at least 12 characters
LastPass’ 2024 opened with a statement signed by Mike Kosak, Senior Principal Intelligence Analyst of the company. The post states that users must now set a new master password, so as to make their account on the platform even more secure. The new password must contain at least 12 charactersand no longer at least 8 as previously.
The company believes that, despite for the National Institute of Standards and Technology 8-digit passcodes are safe, the most modern and advanced hacking techniques can be very dangerous, so he decided to set a new standard. Furthermore, the password must contain at least one special character, a number and a capital letter.
During the modification phase, the company will then verify that the new 12-character password has not been disclosed previously. «By setting a 12-character master password as a minimum requirement, along with the PBKDF2 iteration increases, we are proactively helping our customers create stronger encryption keys to access their LastPass vault“, it is read.
What happened in 2022
The company does not mention it in the press release, in fact it states that the novelty is a “response to constantly changing cyber threats”, but in 2022 hackers – exploiting an exploit found on a computer of a company employee – had access to user data such as passwords, names, emails, addresses, phone numbers and more. There is talk of around 15 million compromised passwords.