LastPass faced a serious attack in 2022 after hackers gained access to sensitive user data through an exploit found on the computer of one of the engineers working for the company. More than two years after this incident, LastPass has now announced new measures to better protect the data of its users, who will now be required to set a stronger master password.
LastPass now requires stronger master password
In a blog post on Wednesday, LastPass says that users will now be asked to set a new master password to protect their account on the platform. This new password needs to be at least 12 characters long, whereas previously the master password only needed to be 8 characters long.
According to the company, while the National Institute of Standards and Technology (NIST) says that passwords must be at least 8 characters long, more advanced password cracking and brute force techniques have motivated the company to set a new, stronger standard. The password must also contain at least one special character, a number and an upper case letter.
The company reinforces that since last year, all new users or existing users who needed to reset their master password were already asked to set a 12-character password. With today’s change, everyone will be required to update their LastPass master password. LastPass also says it will check a database to make sure the new password hasn’t been leaked before.
By now implementing a minimum 12-character master password requirement, together with the PBKDF2 iteration increases we delivered earlier this year, we’re proactively helping our clients create stronger and more resilient encryption keys for accessing and encrypting their LastPass vault information.
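The checks described above, sketched as an added example that is not LastPass's code: the composition rules, a lookup against a leaked-password list, and PBKDF2 key derivation. The leaked list, the salt handling and the iteration count are assumptions made for illustration; the article specifies none of them.

```python
import hashlib
import string

MIN_LENGTH = 12                 # minimum length from the policy described above
PBKDF2_ITERATIONS = 600_000     # assumed value; the article gives no iteration count

# Constructed stand-in for a breach corpus, stored as SHA-256 digests.
# Both entries satisfy every composition rule, which is why the lookup matters.
LEAKED_SHA256 = {
    hashlib.sha256(p.encode("utf-8")).hexdigest()
    for p in ("Password123!", "Summer2023!!")
}


def policy_violations(password):
    """Return the list of rules a candidate master password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if hashlib.sha256(password.encode("utf-8")).hexdigest() in LEAKED_SHA256:
        problems.append("found in leaked-password list")
    return problems


def derive_vault_key(password, salt, iterations=PBKDF2_ITERATIONS):
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 once the policy check passes."""
    problems = policy_violations(password)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


if __name__ == "__main__":
    for candidate in ("short1A!", "Password123!", "Tr0ub4dor&3-Vault"):
        print(candidate, "->", policy_violations(candidate) or "accepted")
```

A 12-character password that meets every composition rule is still rejected here when it appears in the leaked list, which is the case the database check exists to catch.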
A major security incident
LastPass doesn’t explicitly mention the security incident that affected the company in 2022, saying only that the changes “are being applied in response to the always changing cyber threat environment.”
At the time, hackers gained access to data such as passwords, names, emails, addresses, phone numbers and more from LastPass customers. Last year, LastPass revealed that the credentials for the Amazon AWS servers used by the company were stolen from a DevOps engineer through a vulnerability found in the Plex media platform.
More than 15 million passwords were compromised. Following the incident, LastPass has taken a number of steps to prevent future attacks. The engineer was assisted in strengthening the security of their personal network while new multifactor authentications were added to LastPass’ systems.
If you’re a LastPass user, make sure you update your master password right now. You can learn more about LastPass on its official website.