How LastPass wants to strengthen the IT security of its users


There are companies that blame their users for their negligence. And there are others, especially those whose business is IT security, who help users strengthen their protection. The popular password management service LastPass has just shown that it wants to be part of the second group.

At the beginning of January, the company announced a series of changes for its users. A password manager keeps your various passwords away from prying eyes, provided that the master password itself is not cracked.

Twelve characters

At LastPass, that master password could be as short as eight characters. Given advances in brute-force attacks, which test combinations of characters at high speed, the company will now require all of its customers to set a master password of at least twelve characters. Twelve has been the default setting for the service since 2018, but it was still possible to create a shorter password.

To help its users choose their password properly, LastPass will also begin in February to check the strength of newly chosen passwords. These will be compared against a database of leaked passwords. This way, users will know whether the password they are about to choose has already been exposed on a black market.

Dictionary attack

Useful information for users: dictionary attacks rely precisely on these large databases of passwords that have already leaked. If a password that has already been exposed is detected, the user will be prompted to choose another one, which will then be “much more difficult” to crack.
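The two checks described above (the twelve-character minimum and the comparison against leaked-password data) can be combined into a single policy check, shown here as an added example that is not LastPass's code. The leaked-password data is a constructed sample indexed by SHA-1 hash prefix, mirroring the k-anonymity "range" lookup design in which only the first five hex characters of the hash would ever leave the client; a real deployment would load a breach corpus or query such a service instead.

```python
import hashlib

# Minimum master-password length the article says LastPass now enforces.
MIN_MASTER_PASSWORD_LENGTH = 12


def _sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the key used by range-style lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_leaked_index(entries):
    """Index leaked passwords as {hash_prefix(5 hex chars): {hash_suffix: times_seen}}.

    Splitting on a 5-character prefix is what lets a client ask "which suffixes
    share my prefix?" without ever revealing the full hash or the password.
    """
    index = {}
    for password, count in entries:
        digest = _sha1_hex(password)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


# Constructed sample of a leaked-password corpus (counts are illustrative only).
LEAKED_SAMPLE = _build_leaked_index([
    ("password123!", 4_000_000),
    ("correcthorsebattery", 12_345),
    ("letmein", 3_000_000),
])


def leaked_count(password: str, index=LEAKED_SAMPLE) -> int:
    """Return how many times the password appears in the leaked index (0 if absent)."""
    digest = _sha1_hex(password)
    bucket = index.get(digest[:5], {})     # only the prefix is needed to fetch the bucket
    return bucket.get(digest[5:], 0)       # suffix matching happens locally


def check_master_password(candidate: str) -> list:
    """Return the reasons a candidate fails the policy; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_MASTER_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_MASTER_PASSWORD_LENGTH} characters")
    seen = leaked_count(candidate)
    if seen:
        problems.append(f"found {seen} times in leaked-password data")
    return problems


if __name__ == "__main__":
    for pw in ("letmein", "password123!", "Tr0ub4dor&3-Winter-Lake"):
        print(repr(pw), "->", check_master_password(pw) or "accepted")
```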

These measures should also help LastPass restore its image. Two years earlier, for example, some users’ master passwords were exposed following a credential stuffing attack. But the company was shaken far more severely in 2022 by a computer intrusion.

The attacker had managed to penetrate its network by posing as a developer, thereby bypassing multi-factor authentication. He then got his hands on vaults of encrypted passwords, an invaluable treasure for a cybercriminal who succeeds in finding the right keys to open them.
