Tag

Passwordsecurity

All articles tagged with #passwordsecurity

"LastPass Mandates 12-Character Minimum for Master Passwords Post-Security Update"
technology-and-cybersecurity | 2 years ago

LastPass is enforcing a new security measure requiring all users to have a master password of at least 12 characters. This change, effective from April 2023 for new accounts and password resets, now extends to all accounts to enhance security following two breaches in 2022. The company will also check new or updated master passwords against a database of credentials leaked on the dark web. Additionally, LastPass faced issues with a forced multi-factor authentication re-enrollment process in May 2023. These security updates come after LastPass experienced significant breaches in 2022, which led to the theft of source code and customer vault data, and were later linked to a cryptocurrency theft totaling $4.4 million. LastPass is widely used, with over 33 million individual users and 100,000 businesses.

"Persistent Malware Exploits Google OAuth to Hijack Accounts Despite Password Resets"
technology-cybersecurity | 2 years ago

Cybercriminals are exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing them to maintain access to Google services even after victims reset their passwords. The exploit has been adopted by various malware-as-a-service families, enabling them to persistently steal information. Google has acknowledged the issue and stated that users can invalidate stolen sessions by logging out of the affected browser or remotely via the user's devices page. Enhanced Safe Browsing and regular monitoring of account activity are recommended to users for additional security. The situation underscores the need for advanced security measures to combat sophisticated cyber threats.