Do you use LastPass? The manager advises you to change your master password as quickly as possible


Corentin Béchade

January 5, 2024 at 7:29 a.m.


It’s time to put a more secure password on LastPass © Shutterstock

When it comes to passwords, size matters. LastPass, the credential management software, has just implemented a new policy that requires users to choose master passwords of at least 12 characters.

You probably know or use LastPass, a password manager that has been very popular in recent years. And even if you are not a customer, you have surely heard about the hacking problems that the software encountered during the year 2022/2023. To put the focus back on security (and try to regain the trust of Internet users), the company will now force its customers to use a password of at least 12 characters.

Some tips for having a secure password

In a blog post published on January 2, 2024, LastPass explains that this change is intended to respond to “the constant evolution of cyber threats” and “strengthen the security of customer accounts”. The company doesn’t say a word about the hacking it suffered, but you can read it between the lines.

As with just about all password managers, it’s not just the number of characters that matters. As the company points out, your master password (the one that gives access to all the others) must:

  • Use 12 characters (at least, but more is recommended);
  • Use an uppercase letter, a lowercase letter, a number and a special character;
  • Not use sequential or repeated characters (1234 or aaaa);
  • Not contain your email address or other personal information.

To keep things simple, LastPass recommends using a “passphrase” rather than a password. Rather than choosing the classic “password”, using a passphrase like “ThisIsMyHyperSecurePassword,NobodyCanGuessItBecauseIt’s78Characters” is both more secure and easier to remember. The company indicates that it will also compare the password provided to “a known list of compromised credentials, to verify that they have not been previously exposed on the dark web”.
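The rules listed above, written out as a checker. This is an added example, not LastPass's code: the run length of four (taken from the article's "1234" and "aaaa"), the local compromised set and the function names are assumptions.

```python
# Constructed stand-in for a breached-credential list; the article does not
# describe the list LastPass uses or how it is queried.
KNOWN_COMPROMISED = {"Password1234!", "Qwerty!2024abc"}

RUN_LENGTH = 4  # assumption: flag runs as long as the article's "1234" / "aaaa"


def has_run(password: str, n: int = RUN_LENGTH) -> bool:
    """True if n consecutive characters repeat or step by +1/-1 (aaaa, 1234, dcba)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - n + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + n - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_master_password(password: str, email: str) -> list[str]:
    """Return the rules the password breaks; an empty list means accepted."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if has_run(password):
        problems.append("sequential or repeated characters")
    # Compare case-insensitively against the full address and its local part;
    # skip empty strings, which would match every password.
    lowered = password.lower()
    address = email.lower()
    needles = [s for s in (address, address.split("@")[0]) if s]
    if any(s in lowered for s in needles):
        problems.append("contains email address")
    if password in KNOWN_COMPROMISED:
        problems.append("found in compromised list")
    return problems
```

A password can satisfy the length and character-class rules and still be rejected, which is why the run, email and compromised-list checks are reported separately.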

A solution currently being deployed

“Given recent advances in password cracking and brute force attack technologies and techniques, and given the human tendency to create predictable, easy-to-remember passwords”, LastPass therefore advises giving a boost to the strength of your password. This also has the advantage of helping to “create stronger, more resilient encryption keys to access and encrypt data in their vault.” So your encryption key will not be easily cracked if a malicious hacker infiltrates (again) the LastPass systems.

If you have not yet been prompted by LastPass to change your password, be patient: the new measure is currently being deployed. Nothing prevents you, however, from changing your password immediately. Those who already have a password of 12 characters or more do not need to do anything.

Source: LastPass


