LastPass Enforces 12-Character Master Passwords

Two years after suffering a series of major breaches, LastPass has started implementing stricter password measures for its customers.
These include the requirement for all customers to use a master password with at least 12 characters.
This measure has been LastPass' default option since 2018.
In April 2023 it was made mandatory for new customers and existing customers who reset their master passwords.
Other existing customers, i.e. those who joined before April 2023 and had not changed their master password, could keep their shorter master passwords until now.
Although the current National Institute of Standards and Technology guidelines require that human-generated passwords be at least eight characters in length, recent advances in password cracking and brute-forcing technology and techniques mean that an even longer password is recommended, he continued.
LastPass provided a list of additional recommendations for customers needing to change their master password:
A master password longer than 12 characters is recommended.
Using at least one of each of the following: upper case, lower case, numeric, and special character values.
Making the new master password memorable, but not easily guessed.
Making sure that it is unique only to an individual and not reused anywhere else.
A phased rollout will be implemented from the end of January to progressively nudge customers to implement the new measure.
LastPass will also begin cross-checking its customers' new master passwords against a database of known breached credentials in order to ensure the password has not been previously exposed on the dark web.
The firm will also start prompting customers to re-enroll their multi-factor authentication with common authenticators like Microsoft Authenticator and Google Authenticator.
These new measures come after LastPass suffered multiple breaches in 2022, which saw an unauthorized party gain access to some of the company's data.
The series of incidents, extensively reported by Infosecurity Magazine, highlighted the importance of having a long and complex master password when using a password manager.
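
The rules described above (the 12-character minimum, the four character classes, no reuse, and the cross-check against breached credentials) can be combined into one acceptance check. The following Python sketch is an added example, not LastPass's code: the function names, failure labels and SHA-1 corpus format are assumptions, and the breached list is constructed sample data.

```python
import hashlib

MIN_LENGTH = 12  # minimum master password length stated in the article

# Constructed sample standing in for a breached-credential data set.
# Stored as SHA-1 hex digests (an assumed format) so the corpus holds
# no plaintext passwords.
_CONSTRUCTED_BREACHED = ["Password1234!", "Qwerty123456!", "LetMeIn2024!!"]
BREACHED_DIGESTS = {
    hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _CONSTRUCTED_BREACHED
}


def is_breached(candidate, digests=BREACHED_DIGESTS):
    """True if the candidate's SHA-1 digest appears in the breached corpus."""
    return hashlib.sha1(candidate.encode("utf-8")).hexdigest() in digests


def check_master_password(candidate, other_passwords=()):
    """Return the list of failed rules; an empty list means acceptable."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    # One of each class: upper case, lower case, numeric, special.
    # "Special" here means any character that is not a letter or digit.
    class_checks = [
        ("no_upper", str.isupper),
        ("no_lower", str.islower),
        ("no_digit", str.isdigit),
        ("no_special", lambda c: not c.isalnum()),
    ]
    for label, predicate in class_checks:
        if not any(predicate(c) for c in candidate):
            failures.append(label)
    # Length and character classes alone do not catch exposed passwords.
    if is_breached(candidate):
        failures.append("breached")
    # Uniqueness: must not match any password the user has elsewhere.
    if candidate in other_passwords:
        failures.append("reused")
    return failures


if __name__ == "__main__":
    for pw in ["short1A!", "Password1234!", "Tr1cky-Walrus-Lamp"]:
        print(pw, check_master_password(pw))
```

The constructed entry `Password1234!` satisfies the length and character-class rules and is rejected only by the breached-credential check, which is why that cross-check is a separate step.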


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 04 Jan 2024 17:00:23 +0000

