LastPass now requires 12-character master passwords for better security

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.
Even though LastPass has repeatedly said that there is a 12-character master password requirement since 2018, users have had the ability to use a weaker one.
LastPass has begun enforcing a 12-character master password requirement since April 2023 for new accounts or password resets, but older accounts could still use passwords with fewer than 12 characters.
Starting this month, LastPass is now enforcing the 12-character master password requirement for all accounts.
LastPass added that it will also start checking new or updated master passwords against a database of credentials previously leaked on the dark web to ensure that they don't match already compromised accounts.
If a match is found, the customers will be alerted via a security warning pop-up and prompted to select another password to block future cracking attempts.
As part of the same effort to increase account security, LastPass also started a forced multi-factor authentication re-enrollment process in May 2023, which led to many users experiencing significant login issues and getting locked out of their accounts.
LastPass told BleepingComputer that B2C customers will begin receiving emails about these changes today, with B2B customers receiving them on January 10th. These measures are the direct result of two security breaches LastPass disclosed in August 2022 and November 2022.
In August, the company confirmed its developer environment was breached via a compromised developer account after the attackers hacked into a software engineer's corporate laptop.
During the breach, they stole source code, technical info, and some LastPass internal system secrets.
The information stolen in this incident was later used by threat actors in the December breach when they also stole customer vault data from its encrypted Amazon S3 buckets after compromising a senior DevOps engineer's computer using a remote code execution vulnerability to install a keylogger.
In October 2023, hackers stole $4.4 million worth of cryptocurrency from over 25+ victims using private keys and passphrases they could extract from LastPass databases stolen in LastPass' 2022 breaches.
According to research by MetaMask developer Taylor Monahan and ZachXBT, it is believed that threat actors are now cracking stolen LastPass master passwords to gain access to the password.
Using this access, the threat actors search for cryptocurrency wallet passphrases, credentials, and private keys and use them to load the wallets onto their own devices to drain them of all funds.
LastPass says its password management solution is now used by over 33 million people and 100,000 businesses worldwide.
CISA urges tech manufacturers to stop using default passwords.
Google Chrome now scans for compromised passwords in the background.
The password attacks of 2023: Lessons learned and next steps.
FBI: Play ransomware breached 300 victims, including critical orgs.
3CX warns customers to disable SQL database integrations.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 03 Jan 2024 17:20:15 +0000


Cyber News related to LastPass now requires 12-character master passwords for better security

LastPass Free vs. Premium: Which Plan Is Right for You? - LastPass is a password manager that integrates with web browsers and other applications to securely save and autofill passwords. LastPass Free comes at no cost and provides features like unlimited password management and dark web monitoring. LastPass ...
9 months ago Techrepublic.com
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
10 months ago Bleepingcomputer.com
LastPass is enforcing some security changes to user accounts - LastPass is making some changes to enhance the security of its to user accounts. The news comes as a follow-up to the company's plans to enforce stronger passwords a few months ago. ADVERTISEMENT. A brief recap of the LastPass security breaches. ...
10 months ago Ghacks.net
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
11 months ago Bleepingcomputer.com
Timeline of the Latest LastPass Data Breaches - A Complete Overview - LastPass, a popular password management system, has been the target of malicious hackers several times in the last few years. In this article, we’ll take a look at the latest LastPass data breaches and what happened in each incident. ...
1 year ago Csoonline.com
Security Breach at LastPass: Customer Data Taken - A recent security breach has exposed customer data from LastPass, a password manager. LastPass has confirmed that a third party was able to access some of the data, including users’ email addresses, hashed passwords, and other account and profile ...
1 year ago Hackread.com
LastPass Enforces 12-Character Master Passwords - Two years after suffering a series of major beaches, LastPass has started implementing stricter password measures for its customers. These include the requirement for all customers to use a master password with at least 12 characters. This measure ...
10 months ago Infosecurity-magazine.com
Got Now Suffers Security Breach After Acquisition of LastPass - Got Now, the parent company of password vault LastPass, recently suffered a massive security breach, resulting in malicious actors gaining access to LastPass user data. LastPass, a cross-platform password manager which is used as an authentication ...
1 year ago Thehackernews.com
LastPass Hikes Password Requirements to 12 Characters - Password-manager purveyor LastPass has announced it's setting new rules about the strength of customer passwords, with a new mandate that account master passwords include a minimum of 12 characters. A Jan. 2 blog post from LastPass senior principal ...
10 months ago Darkreading.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
9 months ago Bleepingcomputer.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
9 months ago Go.theregister.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
9 months ago Securityboulevard.com
LastPass: Hackers targeted employee in failed deepfake CEO call - LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. While 25% of people have been on the receiving end of an ...
7 months ago Bleepingcomputer.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
9 months ago Techrepublic.com
LastPass Warns on Password App Discovered in Apple App Store - LastPass is a password manager application - a tool that allows users to create multiple secure passwords and store them all in one place, behind one strong master password. Though the fake app closely resembles the official LastPass app in terms of ...
9 months ago Darkreading.com
The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. ADVERTISEMENT. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
10 months ago Ghacks.net
KeePass disputes report of flaw that could exfiltrate a database - Recent security incidents around password managers such as Bitwarden and 1Password, and a posting last week by independent security researcher Alex Hernandez that the open-source KeePass password manager had a flaw, have sparked discussion in the ...
1 year ago Packetstormsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
With the Right Support, Developers Can Lead Your Organization to Superior PCI-DSS 4.0 Compliance - The Payment Card Industry Data Security Standard version 4.0 will change almost everything about security for any business or organization that accepts electronic payments, which is a vast majority of them. Make no mistake, this update will be ...
11 months ago Feeds.dzone.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
10 months ago Feeds.dzone.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
11 months ago Bleepingcomputer.com
Understanding the 2024 Cloud Security Landscape - As we swiftly move towards the second quarter of 2024, predictions by cloud security reports highlight the challenges of cloud adoption in the cloud security landscape. This growing reliance on cloud infrastructure raises the critical issue of ...
8 months ago Feeds.dzone.com
Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware - Transitioning to memory-safe languages: Challenges and considerationsIn this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and ...
8 months ago Helpnetsecurity.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
6 months ago Blog.checkpoint.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)