LastPass Hikes Password Requirements to 12 Characters

Password-manager vendor LastPass has announced it is setting new rules on the strength of customer passwords, with a new mandate that account master passwords include a minimum of 12 characters.

A Jan. 2 blog post from LastPass senior principal intelligence analyst Mike Kosak explained that although the current National Institute of Standards and Technology (NIST) guidelines recommend an eight-character password, advances in password cracking and the human tendency toward lazy password selection make 12 characters an even more secure choice.

LastPass Beefing Up Passwords, MFA & More

“By now enforcing a minimum 12-character master password requirement, along with the PBKDF2 iteration increases we delivered earlier this year, we are proactively helping our customers create stronger and more resilient encryption keys for accessing and encrypting their LastPass vault data,” Kosak wrote.

Customers who aren’t in compliance will be prompted to update their password, but those who already have a strong password won't have to take any additional action, Kosak added.

“This policy will be implemented via a phased rollout to our customer base, with email notifications being sent to our Free, Premium and Families customers first, followed by our Teams and Business customers towards the end of January 2024,” Kosak wrote.

LastPass is also pushing out MFA re-enrollment for federated business customers using widely available authenticators from Microsoft, Google, or LastPass Authenticators, as well as re-enrollment for grid authentication, the post said.

The company, which has suffered a string of security incidents and breaches, will also check updated passwords against a database of those known to have been exposed on the Dark Web and provide prompts for account holders to change to a safer password.

“If the password is detected in a prior breach, a ‘Security Warning’ pop-up will alert the customer that the password has already been exposed, in which case they will be prompted to choose another password in order to proceed,” according to the blog post.

A LastPass spokesperson confirmed to Dark Reading that the new master password rules are not the result of a new cybersecurity incident at the company. A massive breach in August 2022, as well as subsequent follow-on attacks, allowed threat actors to access and steal data from the LastPass cloud storage service, including a backup of LastPass customer vault data as well as LastPass source code.


Author: Becky Bracken, Editor, Dark Reading
Date: 2024-01-03 15:00:00
