After breaches, LastPass will require 12-character master password

A LastPass announced yesterday that all master passwords must be at least 12 characters long, shorter passwords are not permitted. The change aims to make accounts more secure and prevent unauthorized access.

The service also said that it will check whether the new passwords match those that were leaked. If LastPass finds passwords that match, users will be advised to choose an alternative code to avoid problems.

The improvements come following LastPass suffered two breaches — one in August and another in November 2022. At the time, hackers stole sensitive data from the systems and used it to access more user information.

Last October, criminals managed to steal US$4.4 million in cryptocurrencies using information from LastPass. Now, researchers believe they are trying to discover the master passwords for accessing important data.

To increase security, LastPass began requiring users to re-enroll in the multi-factor authentication (MFA) process last May. Unfortunately, this change caused login difficulties for some, leading to their accounts being locked.

According to BleepingComputer, the LastPass solution is currently used by more than 33 million people and in more than 100 thousand companies globally. According to the company, these measures are essential steps to strengthen the security of its platform in the face of growing cyber threats.