In a move that should have come sooner, LastPass has raised its minimum master password length. From now on, every user's master password must be at least 12 characters long. Longer passwords are certainly advised for greater protection of user profiles and better online security.
The change comes just one year after a terrible year for LastPass. In 2022, attackers managed to steal user data. Although the data was in the hands of the attackers, it remained protected by the master password.
LastPass announced the change on January 2nd. Users who have passwords longer than 12 characters and additional security measures will not need to make additional changes. Others will receive a notification that they need to change their password. Starting next month, LastPass will also add functionality that will check if the master password is part of a known list of passwords published on the dark web.
Why is the security of master passwords so important?
The master password is a kind of keeper of all the user “secrets” stored in password managers like LastPass. Longer, more complex master passwords are harder to crack, which increases users’ online security.
Better defense against brute force attacks
One of the favorite ways to crack passwords is brute force. These attacks are hardly sophisticated: the attackers use software that checks every possible combination of letters, numbers, and special characters until it guesses the correct password. This of course means that longer passwords are harder to crack. With a minimum of 12 characters, the number of potential combinations is significantly increased, which also improves security.
The master password is the “key” that keeps all data safe in LastPass. Increasing the number of characters adds an additional layer of protection. A secure master password has a significant impact on the security of the entire digital ecosystem.
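The two checks described above (the 12-character minimum and the lookup against a list of known passwords) together with the keyspace arithmetic behind the brute-force argument, as an added example that is not LastPass code. The sample list, the function names and the use of SHA-256 digests for the lookup are assumptions made for illustration.

```python
import hashlib
import string

MIN_LENGTH = 12  # minimum master password length stated in the article

# Constructed sample standing in for a published list of known passwords.
# Stored as SHA-256 digests (an assumption) so no plaintext list is kept.
KNOWN_PASSWORDS = {
    hashlib.sha256(p.encode("utf-8")).hexdigest()
    for p in ("letmein", "password1234", "qwertyuiop12")
}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Number of symbols a brute-force search must cover for this password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four ASCII pools (spaces, non-ASCII) are counted
    # individually so the result is never zero for a non-empty password.
    extra = {c for c in password if not any(c in pool for pool in POOLS)}
    return size + len(extra)


def keyspace(alphabet, length):
    """Candidates an exhaustive search over `alphabet` symbols must try."""
    return alphabet ** length


def check_master_password(password):
    """Return the list of policy failures; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
    if digest in KNOWN_PASSWORDS:
        problems.append("known_password")
    return problems


if __name__ == "__main__":
    for candidate in ("letmein", "password1234", "maple-Orbit-47-kettle"):
        size = alphabet_size(candidate)
        print(candidate, check_master_password(candidate),
              f"keyspace={keyspace(size, len(candidate)):.2e}")
    # Going from 8 to 12 characters multiplies the search space by alphabet**4.
    print(keyspace(94, 12) // keyspace(94, 8))
```

The second sample shows why the two measures go together: a 12-character password meets the length rule and is still rejected because it appears on the list.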
Compliance with the recommendations of security experts
Most security experts have criticized LastPass’s practice of allowing shorter passwords. According to the guidelines and recommendations from the National Institute of Standards and Technology, passwords longer than 12 characters are significantly more secure. Of course, nothing stopped LastPass users from creating a longer password themselves, but now this becomes obligatory.
What is the use of password managers?
Using password managers makes maintaining online security much easier. Proper usage and safe practices are key to maintaining online safety. Here are some benefits of using password managers:
Simplified password management
Password managers like LastPass make the often tedious task of managing numerous passwords easy. With the ability to generate and store complex passwords, users can set a unique password for each account without needing to memorize them all. Using unique passwords is extremely important for maintaining security during mass breaches. In that case, users who have different passwords will only have to change the password in one place. Others who use the same username and password combination everywhere may have more serious problems.
Integration of multi-factor authentication (MFA)
Most of the better password managers offer multi-factor authentication (MFA) features. This is an extra layer of security that adds an extra step to the login process. It significantly reduces the risk of unauthorized access even if the password is compromised.
Regular audits and updates of passwords
Probably everyone who has accounts on multiple services already knows how much of a headache it is to keep passwords safe. Password managers make it much easier to regularly review saved passwords. The biggest advantage is the identification of weak and reused passwords, along with notifications about passwords found in a database of cracked and discovered passwords.
LastPass’s latest policy of a 12-character minimum is the right step for better online security. This change significantly increases the online security of users at a time when both the number of attacks and the sophistication of the attackers are increasing.