LastPass Tightens Security with Mandatory Long Master Passwords and MFA Re-enrollment
LastPass, a renowned password manager, has bolstered its security measures following a series of breaches in 2022. The company has made several changes, including mandatory long master passwords and multi-factor authentication (MFA) re-enrollment, to enhance user protection.
LastPass has introduced stricter password requirements. All customers must now use a master password with at least 12 characters. This measure was previously optional but became mandatory for new customers and those resetting their master passwords in April 2023. The company recommends master passwords that are long, complex, and unique, using a mix of upper case, lower case, numeric, and special characters.
LastPass will also cross-check new master passwords against a database of known breached credentials, so that users cannot set a master password that has already been exposed. Additionally, the company is prompting customers to re-enroll their multi-factor authentication (MFA) with common authenticators like Microsoft Authenticator and Google Authenticator. This update has been rolled out in phases since the end of January 2023.
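One way to enforce the rules described above, as an added example that is not LastPass's code: the article does not say how the breach cross-check is implemented, so this sketch assumes a hash-prefix range lookup (the pattern used by Have I Been Pwned's Pwned Passwords service), in which only the first five characters of the SHA-1 digest would leave the client. The corpus, function names and violation labels are constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # minimum master password length stated in the article
# Constructed sample corpus standing in for a breached-credential database.
CONSTRUCTED_BREACHED = ["password1234", "qwertyuiop12", "letmein2022!"]


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side (assumed design): index breached hashes by 5-char prefix."""
    index = defaultdict(set)
    for pw in passwords:
        digest = _sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index


def is_breached(password: str, index) -> bool:
    """Client side: disclose only the prefix, compare suffixes locally."""
    digest = _sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def check_master_password(password: str, index) -> list:
    """Return policy violations in a fixed order; empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if not all(classes):
        problems.append("missing_character_class")  # a recommendation, not the mandate
    if is_breached(password, index):
        problems.append("found_in_breach_corpus")
    return problems


INDEX = build_range_index(CONSTRUCTED_BREACHED)
```

A password can satisfy the 12-character minimum and still be rejected by the breach check, which is why the two checks are evaluated independently.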
LastPass's enhanced security measures, including mandatory long master passwords and MFA re-enrollment, aim to protect users following the 2022 breaches. Existing customers who joined before April 2023 and had not changed their master password are now required to update their passwords to meet the new standards. These changes underscore the importance of strong, unique passwords and multi-factor authentication in safeguarding digital identities.