Security News > 2024 > January > LastPass now requires 12-character master passwords for better security
LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.
"Historically, while a 12-character master password has been LastPass' default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today.
LastPass has begun enforcing a 12-character master password requirement since April 2023 for new accounts or password resets, but older accounts could still use passwords with fewer than 12 characters.
"Starting in January 2024, LastPass will enforce a requirement that all customers use a master password with at least 12 characters."
"Next month, LastPass will also begin immediate checks on new or reset master passwords against a database of known breached credentials in order to ensure the password hasn't been previously exposed on the Dark Web.".
According to research by MetaMask developer Taylor Monahan and ZachXBT, it is believed that threat actors are now cracking stolen LastPass master passwords to gain access to the password.