Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

LastPass is forcing its users to make longer, tougher passwords

LastPass TechRadar Pro
LastPass.

LastPass is forcing customers to set up 12-character master passwords, if they haven’t already, in an effort to improve security following a major incident in 2022.

While this has been a default option since 2018, LastPass customers have been able to evade the 12-character recommendation, which will now soon be mandatory.

On its website, the password manager said the new requirement surpasses the current National Institute of Standards and Technology (NIST) guidelines which state that human-generated passwords should be at least eight characters long.

LastPass security boost

In a company blog post, LastPass Senior Principal Intelligence Analyst Mike Kosak said the password length requirement is part of a progressive set of initiatives that the company is rolling out in order to protect customer accounts, thus minimizing the likelihood of any successful attacks.

In an email to customers seen by TechRadar Pro, LastPass said in response to why it was making the change: “We’re committed to meeting the latest industry security standards and best practices to protect against external threats.”

There’s also the fact that the company suffered a “security incident” in 2022, which saw an unauthorized party gain access to some of the company’s data.

From January 2024, LastPass users’ master password should include at least 12 upper case, lower case, numeric, and special characters.

Free, Premium, and Family customers are among the first to be notified about the change, and Teams and Business customers are expected to receive a warning by the end of January.

From February, new and reset master passwords will also be cross-referenced in real-time against a list of exposed credentials on the dark web. Users will receive a security warning if the password they choose has been previously leaked. 

Customers who fail to meet the deadline will be logged out and forced to create a new master password, helping LastPass to ensure that all customers have taken the necessary steps.

A LastPass spokesperson confirmed in an email to TechRadar Pro that a phased rollout begins on January 8 for business customers.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
No dating apps, no dates, no exes, no hookups: what’s driving the ‘boy sober’ trend?
Women continue to bear the brunt of online harassment and abuse. A reckoning is overdue
The Guardian - AU
The Guardian - AU
I now have a personal sleep coach, and you can have one too
Sleep tracking, sound aids, and sleep articles all combine to provide the tools required to improve your sleep
TechRadar
TechRadar
David Duchovny Says He Would Have "Loved to Have Done More" on 'Sex and the City'
The actor appeared in one episode of the hit HBO show during Season 6.
Marie Claire
Marie Claire
Netflix top 10 movies — here’s the 3 worth watching right now
The Netflix top 10 is a constantly rotating list of the most popular films on the service. Here are the best three to stream now.
Tom’s Guide
Tom’s Guide
Meet the 59-year-old Barbie ‘dealer’ whose hustle has netted $2 million in sales
Bruce Zalkin has 35 years in the trade and sold one couple's collection for $250,000.
Fortune
Fortune
Low waste meet high-end sushi in Chicago
The Omakase Room is found nestled deep within its 110-seater sister restaurant Sushi-San
Salon
Salon
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play